Security audit

Sglang Amd Bench

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GPU benchmarking skill, but it automatically enables model-supplied code execution and should be reviewed before use.

Install only for use on a dedicated GPU host or isolated container. Use trusted, pinned model files, avoid unreviewed Hugging Face model repositories, inspect the DRY_RUN output before launching, and be careful with EXTRA_ARGS and stop.sh on shared systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The launcher unconditionally adds --trust-remote-code, which permits execution of model-provided Python code during load. In a benchmarking script that accepts arbitrary MODEL_PATH values, this broadens the attack surface from serving a model to potentially running untrusted code on the host, especially dangerous on shared GPU benchmark systems.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documentation states that `--trust-remote-code` is always added when launching the server, which means model-loading may execute arbitrary Python code supplied by a remote Hugging Face repository or other untrusted model source. In a benchmarking skill that accepts `MODEL_PATH` as either a local path or model ID, this materially increases the chance of accidental code execution if a user benchmarks an unreviewed model.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script constructs a shell command string from user-controlled values, including EXTRA_ARGS and MODEL_PATH, and later executes it via unquoted expansion with nohup/exec. This allows shell metacharacters, word splitting, and command substitution in supplied environment variables to alter execution or inject additional commands, making it a direct command-injection risk.

VirusTotal

65/65 vendors flagged this skill as clean.