Back to skill

Security audit

essesseff DevOps ALM

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate DevOps helper, but it can deploy to production, create repositories, delete packages, and handle secrets without enough built-in guardrails.

Review this before installing in any environment with real production access. Use least-privilege and preferably short-lived credentials, require explicit human approval for PROD deployments, package deletions, app creation, and repository visibility changes, and keep .essesseff, .env, PATs, and notifications-secret.yaml out of Git, logs, prompts, and shared transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly advertises capabilities to create apps, manage deployments, promote images across environments, and run onboarding automation, but it does not warn that these operations can make real changes to infrastructure and production systems. In an agent setting, that omission increases the chance of unintended destructive or unauthorized actions because users or downstream tools may treat the documentation as routine rather than high-impact.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The documentation instructs use of an API key header and lists multiple sensitive environment variables, including GitHub and Argo CD credentials, without any handling guidance or warning against logging, echoing, or exposing them. In practice, agent workflows often surface command output and environment-derived values, so missing secrecy guidance can lead to credential leakage and follow-on compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents a direct production deployment endpoint and explicitly notes that deployment to PROD requires no OTP via the API, but provides no cautionary guardrails. In the context of an automation skill, this materially raises risk because an agent could initiate a real production release with only an API key and a request body, leading to outages, unauthorized releases, or policy bypass.

Missing User Warnings

High
Confidence
86% confidence
Finding
The documentation explicitly states that PROD deployment via API requires no OTP, which signals a bypass of an interactive safeguard for live production changes. In the context of an agent skill that can automate these calls, failing to prominently warn about this elevated sensitivity increases the risk of accidental or unauthorized production deployment if API credentials are exposed or misused.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This documentation describes a state-changing API call that can trigger real environment deployments, including promotion to PROD, without any explicit warning about operational risk, approval requirements, or the fact that PROD via API does not require OTP. In an agent skill whose purpose is to automate deployments and lifecycle promotions, omission of strong warnings materially increases the chance that an LLM agent or user will invoke the endpoint in an unsafe or unintended way.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation describes operations that clone repositories, create GitHub repos, push commits, and modify local files, but it does not present a prominent warning that running the utility will make real changes to local and remote resources. In a DevOps onboarding context, users may execute commands assuming they are informational or reversible, increasing the chance of unintended repository creation, overwrites, or pushes to production-related repos.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to provide multiple sensitive credentials and later notes that some of them are written into `.env` files, but it lacks a strong, early warning about secret storage, file permissions, cleanup, and the risk of accidental commit or workspace exposure. Because this utility handles GitHub PATs, Argo CD credentials, and API keys, weak guidance on secret handling materially raises the chance of credential leakage.

Credential Access

High
Category
Privilege Escalation
Content
### Argo CD Setup
For each environment:
1. (Subscribers) Downloads `notifications-secret.yaml`.
2. Clones the argocd-env repo (`{app-name}-argocd-{env}`).
3. Creates `.env` file with required variables.
4. (Subscribers) Copies `notifications-secret.yaml` to repo.
Confidence
92% confidence
Finding
secret.yaml

Credential Access

High
Category
Privilege Escalation
Content
1. (Subscribers) Downloads `notifications-secret.yaml`.
2. Clones the argocd-env repo (`{app-name}-argocd-{env}`).
3. Creates `.env` file with required variables.
4. (Subscribers) Copies `notifications-secret.yaml` to repo.
5. Runs `setup-argocd.sh`.

**Variables written to `.env` files:**
Confidence
95% confidence
Finding
secret.yaml

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
README.md:64

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-apps.md:50

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-environments.md:34

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-images.md:64

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-organizations.md:42

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-overview.md:22

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-packages.md:54

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-retention-policies.md:44

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
references/api-templates.md:32

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:42