Security audit

byted-bp-cdn-pagesdeploy

Security checks across malware telemetry and agentic risk

Overview

This deployment skill appears purpose-built for BytePlus Pages, but it asks for cloud credentials and can run or misdirect powerful local and cloud actions in ways users should review first.

Install only if you trust this skill with BytePlus/VolcEngine deployment credentials and local command execution. Use a least-privileged access key, avoid untrusted values for --build-cmd, --desc, project names, and domains, verify the exact project ID before updates or offline/delete actions, and remove or rotate stored credentials when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script accepts a user-controlled `--build-cmd` value and executes it with `eval`, which enables arbitrary shell command execution with the privileges and in the environment of whoever runs the skill. In an agent/automation context this is especially dangerous because the command can read local files, exfiltrate credentials, modify the workspace, or chain into further compromise.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill documents destructive operations (`offline` and `delete`) as routine management commands without any warning, confirmation guidance, or scoping precautions. In an agent-executed workflow, this increases the chance that an LLM or user invokes irreversible or service-impacting actions unintentionally, taking a live site offline or deleting a Pages project.

Missing User Warnings

Medium
Confidence: 96%
Finding
The optional build command feature executes arbitrary shell input without any safety guardrails. Because it uses `eval`, the risk is not merely running a build tool but interpreting shell metacharacters, command substitution, and chained payloads. In this deployment skill's context, users are likely to run it in environments containing source code, tokens, and cloud credentials, increasing the damage from command injection or misuse.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script prompts for an access key and secret key, then writes them into the CLI's global configuration with `nest config set -g`, but it does not clearly warn the user that these credentials will be persistently stored. Persistently saving cloud credentials in global config increases the risk of unintended exposure to other local users, backup systems, shell/history-adjacent tooling, or later compromise of the workstation.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.