Back to skill

Security audit

Vmware Nsx Security

Security checks across malware telemetry and agentic risk

Overview

The skill appears to use local NSX credentials for its stated setup workflow, with the main risk being disclosed local password storage rather than hidden or malicious behavior.

Install only if you are comfortable storing NSX credentials locally. Use a least-privileged NSX account, keep the `.env` file out of version control and backups, enforce owner-only permissions, and rotate credentials if the file may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Credential Access

High
Category
Privilege Escalation
Content
All checks should show PASS:
- Config file
- .env permissions (owner-only 600)
- Config parse (N targets configured)
- Password (set for each target)
- Network (TCP reachable on port 443)
Confidence
84% confidence
Finding
.env

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.