Security audit

deer-flow-manager

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward DeerFlow setup helper, but it includes real install, API key, update, and uninstall commands that users should review before running.

Install this only if you intend to manage DeerFlow locally. Before running commands, confirm ~/deer-flow is the intended directory, back up config.yaml, .env, logs, and custom changes before uninstalling or rebuilding, and keep API keys in environment variables or local secret storage rather than chat or source control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The uninstall section includes `rm -rf "$INSTALL_DIR"` but does not explicitly warn that this permanently deletes the entire installation directory and any local configuration, logs, or embedded secrets stored there. In an agent skill context, users may follow commands verbatim, so missing a destructive-action warning increases the chance of accidental data loss.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill asks users to provide API keys and configure them in `.env` or `config.yaml` without a clear warning that these are sensitive secrets that should not be pasted into chat, logs, or source-controlled files. In an agent workflow, this can lead to credential exposure through conversation history, terminal history, or accidental commits.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The uninstall instructions include irreversible deletion of the installation directory but do not warn users that local data, configs, logs, and custom changes under ~/deer-flow will be permanently removed. In an agent skill context, omission of a safety warning increases the risk that destructive commands are run automatically or copied blindly without confirmation.

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The update instructions remove backend/.venv without warning that the local virtual environment will be destroyed and recreated. While limited in scope, this can still disrupt local development, remove manually installed packages, and surprise users if executed by an automation agent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.