Back to skill

Security audit

Nutanix Aiops

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed Nutanix Prism Central operations tool with real infrastructure authority, so it should be installed only with tightly scoped credentials.

Install only if you intend to let an agent operate Nutanix Prism Central. Use a dedicated least-privilege REST API account, keep high-risk actions behind dry-runs and human approval, protect ~/.nutanix-aiops with restrictive permissions, avoid persistent shell exports of the master password, and treat the package as preview because it says it is mock-validated rather than live-verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide recommends exporting the master password via an environment variable for non-interactive use, but does not warn that environment variables can be exposed through shell history, process inspection, CI job logs, crash dumps, or inherited child processes. Because this password unlocks the local encrypted credential store, exposure would allow an attacker with host or pipeline visibility to recover Prism Central credentials and operate the Nutanix estate.

Session Persistence

Medium
Category
Rogue Agent
Content
compatibility: >
  Standalone, self-governed Nutanix Prism Central operations (preview). The governance harness (audit, policy, token/runaway budget, undo, risk-tiers) is bundled in the package — no external skill-family dependency.
  Connects to Prism Central on HTTPS :9440 with HTTP Basic auth (username + password). The v4 REST API requires an ETag/If-Match on every mutation; nutanix-aiops fetches and sends it automatically. All list tools paginate automatically; vm_list returns both AHV and ESXi VMs.
  All write operations are audited to a local SQLite DB under ~/.nutanix-aiops/ (relocatable via NUTANIX_AIOPS_HOME).
  Credentials: the Prism Central password is stored ENCRYPTED in ~/.nutanix-aiops/secrets.enc (Fernet/AES-128 + scrypt-derived key) — never plaintext on disk. Run 'nutanix-aiops init' to onboard, or 'nutanix-aiops secret set <target>' to add one. The store is unlocked by a master password from NUTANIX_AIOPS_MASTER_PASSWORD (non-interactive/MCP/CI) or an interactive prompt (CLI on a TTY). A legacy plaintext env var NUTANIX_<TARGET_NAME_UPPER>_PASSWORD is still honoured as a fallback with a deprecation warning (migrate with 'nutanix-aiops secret migrate'). The account needs REST API rights, not just Web UI access.
  State-changing operations require the @governed_tool decorator (pre-check + budget guard + audit + risk-tier gate). High-risk ops (vm_delete, vm_migrate, storage_container_delete, subnet_delete, snapshot_delete, snapshot_restore, pd_failover, image_delete, lcm_update) support dry_run and, at the CLI, double confirmation; reversible writes record an undo descriptor (vm_update → prior CPU/memory, vm_migrate → prior host).
  High-risk approvals: set NUTANIX_AUDIT_APPROVED_BY and NUTANIX_AUDIT_RATIONALE for a named approver.
Confidence
86% confidence
Finding
write operations are audited to a local SQLite DB under ~/.nutanix-aiops/ (relocatable via NUTANIX_AIOPS_HOME). Credentials: the Prism Central password is stored ENCRYPTED in ~/.nutanix-aiops/secret

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.