Proxmox Aiops

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Proxmox management helper with powerful VM actions, local credentials, and local audit logging, but no evidence of hidden, unrelated, or deceptive behavior.

Install only if you intend to let an agent manage real Proxmox infrastructure. Use a dedicated least-privilege Proxmox API token, keep ~/.proxmox-aiops/.env chmod 600, leave TLS verification enabled outside labs, and require explicit human approval before delete, rollback, stop, migrate, or other production-impacting writes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The capability list exposes destructive operations such as VM deletion and snapshot rollback, and labels some as irreversible or high-risk, but it does not provide explicit operator-facing caution, confirmation requirements, or usage constraints in the documentation itself. In a Proxmox management skill, this increases the chance of accidental misuse or unsafe invocation by downstream agents or users, potentially causing service disruption or permanent data loss.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal