Security audit

Dirs Submit

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it documents a remote-install flow (`bash <(curl ...)`) and a self-update flow that replaces the local executable, while the same CLI also stores per-site account tokens on disk. Either flow can swap in code that then has access to those tokens.

Install only if you trust the ship CLI repository and its release process. Review the installer locally (or pin it to a reviewed version) before running it, avoid casual self-updates, restrict permissions on ~/.config/ship/config.json, and confirm the target site and URL before running submit commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes browser login with persistent token storage and also documents environment-variable token usage, but it does not warn users about protecting tokens, file permissions, shell history/process exposure, or avoiding accidental disclosure. In an agent skill context, this increases the chance that credentials are stored or surfaced insecurely during automated use, leading to account compromise for the supported services.
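One way to act on this finding, as an added example rather than anything from the ship CLI or its README: a POSIX shell snippet that checks whether the token store and its directory are readable only by the owner and tightens them if not. It assumes the path ~/.config/ship/config.json named in the overview; the JSON content used in the usage comment is constructed and is not the CLI's real format.

```shell
#!/bin/sh
# Added example (not part of the ship CLI): verify that the token store and its
# directory are owner-only, and tighten them if they are not.
# Assumption: ~/.config/ship/config.json is the path named in the audit; the
# sample content in the usage comment below is constructed.

path_is_private() {
  # Return 0 if group and other have no permission bits at all (0600 / 0700 style).
  # Parses the ls(1) mode string so it works on both GNU and BSD userlands.
  p=$1
  [ -e "$p" ] || return 2
  rest=$(ls -ld "$p" | cut -c5-10)   # columns 5-10 are the group and other triplets
  [ "$rest" = "------" ]
}

harden_token_store() {
  # Usage: harden_token_store FILE
  # Tightens FILE to 0600 and its containing directory to 0700, then re-checks.
  f=$1
  d=$(dirname "$f")
  [ -f "$f" ] || return 2
  chmod 700 "$d" && chmod 600 "$f" || return 1
  path_is_private "$d" && path_is_private "$f"
}

token_store_report() {
  # Usage: token_store_report FILE
  # Prints a one-line verdict and returns 0 only when file and directory are private.
  if path_is_private "$1" && path_is_private "$(dirname "$1")"; then
    echo "ok: $1 is owner-only"
    return 0
  fi
  echo "WARN: $1 or its directory is readable by other users on this host"
  return 1
}

# Typical use (constructed sample, not the CLI's format):
#   mkdir -p ~/.config/ship && printf '{"sites":{}}\n' > ~/.config/ship/config.json
#   token_store_report ~/.config/ship/config.json || harden_token_store ~/.config/ship/config.json
```

If automation needs the token in the environment, read it out of the protected file in the shell that runs the job rather than typing it on a command line: an argument is recorded in shell history and is visible in the process table to other local users, while a variable exported from a 0600 file is not.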

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The install instructions use `bash <(curl ...)`, which executes a remotely fetched script directly, and the README presents this without any warning or integrity-verification guidance. This is dangerous because a compromised repository, CDN, network path, or maintainer account could turn installation into arbitrary code execution on the user's system.

Self-Modification

High
Category
Rogue Agent
Content
name: dirs-submit
description:
  CLI tool for the `ship` command wrapping aidirs.org and backlinkdirs.com submission APIs. Use when the user
  needs to login, submit a URL, preview site metadata, check CLI version, or self-update the CLI from terminal.
  Supports browser login, per-site token storage, submit/fetch commands, version checks, and self-update.
version: 0.1.0
metadata:
Confidence
91% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
description:
  CLI tool for the `ship` command wrapping aidirs.org and backlinkdirs.com submission APIs. Use when the user
  needs to login, submit a URL, preview site metadata, check CLI version, or self-update the CLI from terminal.
  Supports browser login, per-site token storage, submit/fetch commands, version checks, and self-update.
version: 0.1.0
metadata:
  openclaw:
Confidence
91% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
# dirs-submit

Use `ship` to login, submit URLs, preview metadata, check versions, and self-update.

## Structure
Confidence
90% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
```
ship version
ship version --latest
ship version --json
ship self-update
ship self-update --json
```
Confidence
94% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
```
ship version --latest
ship version --json
ship self-update
ship self-update --json
```

Notes:
Confidence
94% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
Notes:

- `version --latest` checks the latest GitHub release
- `self-update` downloads the release asset for the current platform and replaces the local executable
- Windows does not currently do in-place automatic updates; the user is prompted to download the latest version manually

## Result Interpretation
Confidence
97% confidence
Finding
self-update
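The installer finding above (`bash <(curl ...)`) and the self-update behaviour quoted here (download a release asset and replace the local executable) share one mitigation: get the artifact onto disk, verify it against a digest obtained out of band, read it, and only then run it. The shell snippet below is an added illustration of that pattern, not the project's installer or updater. The URL, digest and output path are placeholders, and this page does not say whether the ship project publishes checksums for its releases.

```shell
#!/bin/sh
# Added example (not the ship CLI's own installer or self-update code): fetch a
# script or release asset to disk, check it against a digest obtained out of
# band, and keep it for review before it is ever executed. This replaces the
# `bash <(curl ...)` pattern and the blind binary replacement a self-update does.
# Assumption: URL, digest and output path are placeholders for illustration.

sha256_of() {
  # Print the hex SHA-256 of a file; works with GNU coreutils or BSD/macOS shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

verify_sha256() {
  # Usage: verify_sha256 FILE EXPECTED_HEX ; returns 0 only on an exact match.
  [ -f "$1" ] || return 2
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

fetch_verified() {
  # Usage: fetch_verified URL EXPECTED_HEX OUTFILE
  # Downloads over HTTPS only (including redirects), fails on HTTP errors, and
  # deletes the file if the digest does not match so nothing unverified remains.
  url=$1; expected=$2; out=$3
  curl -fsSL --proto '=https' --proto-redir '=https' --tlsv1.2 -o "$out" "$url" || return 2
  if verify_sha256 "$out" "$expected"; then
    return 0
  fi
  rm -f "$out"
  return 1
}

# Typical use (placeholders; substitute the digest published by the maintainers):
#   fetch_verified https://example.invalid/ship-install.sh <sha256> ./ship-install.sh \
#     && less ./ship-install.sh \
#     && sh ./ship-install.sh
```

The same two functions cover a manual update: fetch the release asset with fetch_verified, then move it over the existing binary yourself, rather than letting `ship self-update` download and overwrite the executable in one step with no check you can inspect.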

Self-Modification

High
Category
Rogue Agent
Content
```
ship submit https://example.com --site aidirs.org
ship fetch https://example.com --site backlinkdirs.com --json
ship version --latest
ship self-update
```
Confidence
89% confidence
Finding
self-update

VirusTotal

63/63 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.