Back to plugin

Security audit

Gen Sage

Security checks across malware telemetry and agentic risk

Overview

Sage appears to be a real security plugin, but it needs Review because it broadly monitors agent actions, sends some security telemetry to cloud services, and includes source comments describing scanner-avoidance patterns.

Install only if you are comfortable with a security plugin inspecting agent commands, URLs, file paths, write/edit content, and installed plugins; storing local logs and exceptions under ~/.sage; and sending URL/hash/verdict telemetry to Sage/Avast-backed services. Review configuration for community_iq, url_check, file_check, package_check, logging, amsi_check, and pi_check before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

External Script Fetching

High
Category
Supply Chain
Content
## Remote Code Execution

- **Never pipe untrusted content to a shell** (`curl | bash`, `wget | sh`). Always download first, inspect, then execute.
- Avoid `eval()` on untrusted input in any language.
- Be cautious with `source` or `.` commands on remote scripts.
Confidence
90% confidence
Finding
curl | bash

External Script Fetching

High
Category
Supply Chain
Content
## Remote Code Execution

- **Never pipe untrusted content to a shell** (`curl | bash`, `wget | sh`). Always download first, inspect, then execute.
- Avoid `eval()` on untrusted input in any language.
- Be cautious with `source` or `.` commands on remote scripts.
Confidence
90% confidence
Finding
wget | sh

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Command Injection Patterns

- Watch for reverse shell patterns: `/dev/tcp/`, `nc -e`, `bash -i >& /dev/`.
- Destructive commands like `rm -rf /`, `mkfs`, `dd if=`, and `shred` can cause irreversible data loss.
- Be wary of download-and-execute chains: `curl ... && chmod +x && ./`.

## Supply Chain Security
Confidence
90% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Command Injection Patterns

- Watch for reverse shell patterns: `/dev/tcp/`, `nc -e`, `bash -i >& /dev/`.
- Destructive commands like `rm -rf /`, `mkfs`, `dd if=`, and `shred` can cause irreversible data loss.
- Be wary of download-and-execute chains: `curl ... && chmod +x && ./`.

## Supply Chain Security
Confidence
85% confidence
Finding
rm -rf /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- Watch for reverse shell patterns: `/dev/tcp/`, `nc -e`, `bash -i >& /dev/`.
- Destructive commands like `rm -rf /`, `mkfs`, `dd if=`, and `shred` can cause irreversible data loss.
- Be wary of download-and-execute chains: `curl ... && chmod +x && ./`.

## Supply Chain Security
Confidence
80% confidence
Finding
chmod +x && ./`. ## Supply Chain Security - Verify package names carefully — typosquatting is common (e.g., `colourama` vs `colorama`). - Check package popularity and maintenance status before insta

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.cjs:5358
Evidence
while ((next = coerceRtlRegex.exec(version)) && (!match || match.index + match[0].length !== version.length)) {

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
dist/mcp-server.cjs:16574
Evidence
const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.cjs:4419
Evidence
const envDir = process.env.CLAUDE_CONFIG_DIR;

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/mcp-server.cjs:4473
Evidence
var debug = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEM...

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/model-download-worker.cjs:1079
Evidence
bn = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform;