Back to skill

Security audit

Container Host Aiops

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Docker and Portainer operations tool with powerful host-management access, but its sensitive behavior is aligned with its purpose and documented with safeguards.

Install only where you intend the agent to manage that Docker or Portainer host. Prefer TLS with certificate verification, avoid plain Docker TCP, treat Docker socket access as administrator-level host access, and use dry-run plus approver controls before destructive actions like prune, remove, or stack recreate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manual configuration example explicitly sets `verify_ssl: false`, which normalizes disabling TLS certificate verification at the point where users are likely to copy-paste settings. In a tool that can manage Docker/Portainer hosts and perform guarded writes, this exposes users to man-in-the-middle attacks, credential interception, and unauthorized host operations if the connection is tampered with.

Session Persistence

Medium
Category
Rogue Agent
Content
## 2. What you need

- **Docker (unix socket)** — read/write access to the Docker socket (default
  `/var/run/docker.sock`). No secret is stored; the socket's file permissions are
  the trust boundary. Treat socket access as **root-equivalent** on the host.
- **Docker (TCP)** — a host + port (2375 plain, 2376 TLS). Enable TLS in
Confidence
89% confidence
Finding
write access to the Docker socket (default `/var/run/docker.sock`). No secret is stored; the socket's file permissions are the trust boundary. Treat socket access as **root-equivalent** on the hos

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.