Sudo/Root Execution
Medium
- Category
- Privilege Escalation
- Content
sudo docker compose ps # 看 TeslaMate 实时日志 sudo docker compose logs -f teslamate # 改默认密码 / 加密密钥 cd ~/teslamate # 远程是 /home/$ssh_user/teslamate
- Confidence
- 83% confidence
- Finding
- sudo
Security audit
Security checks across malware telemetry and agentic risk
The skill appears aimed at deploying TeslaMate, but it asks the agent to run high-impact deployment scripts that are not actually included in the submitted artifact.
Review this skill before installing. Confirm the missing scripts and docker-compose.yml from the original source, inspect them directly, and avoid running it on a sensitive host until the package includes the files it claims to execute. If used, prefer a private working directory, change all default credentials and encryption keys, and firewall ports 3000, 4000, and 1883.
sudo docker compose ps # 看 TeslaMate 实时日志 sudo docker compose logs -f teslamate # 改默认密码 / 加密密钥 cd ~/teslamate # 远程是 /home/$ssh_user/teslamate
SKILL_DIR="$HOME/.workbuddy/skills/teslamate-deploy"
# 临时拷贝到 ~/teslamate-deploy 一起执行 (install 脚本需要 docker-compose.yml 在同目录)
WORK=/tmp/teslamate-deploy-$USER
rm -rf "$WORK" && mkdir -p "$WORK"
cp "$SKILL_DIR/scripts/"{deploy-setup.sh,install-teslamate.sh,docker-compose.yml} "$WORK/"
chmod +x "$WORK/deploy-setup.sh" "$WORK/install-teslamate.sh"
cd "$WORK"64/64 vendors flagged this skill as clean.
No suspicious patterns detected.