Security audit

wemol-cli

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Wemol CLI operating guide, but it needs Review because it normalizes risky installer and credential-handling patterns.

Install only if you trust Wemol and explicitly approve installing or upgrading the CLI. Prefer a verified or signed installer when available, avoid putting passwords or session IDs in command arguments, confirm the Wemol account and host before use, and review which local files will be uploaded before submitting jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High
Confidence: 97%
Finding
The skill explicitly recommends `wemol-cli login --username <name> --password <password>` for non-interactive login without warning that command-line passwords are often exposed via shell history, process listings, audit logs, and agent transcripts. In an agent context, this is more dangerous because the model may echo, log, or persist credentials while following the documented workflow, creating a realistic credential disclosure path.

Missing User Warnings

Medium
Confidence: 98%
Finding
The document instructs users/agents to fetch and immediately execute a remote shell script via `curl ... | sh`, which removes the opportunity to inspect the script before execution and turns any compromise of the hosting origin, CDN, TLS trust chain, or release pipeline into immediate code execution. The surrounding text presents this as the normal installation path and does not place a clear warning at the point of use, which is especially risky in an agent skill because automation may execute it non-interactively.

Missing User Warnings

High
Confidence: 99%
Finding
The Windows instructions combine remote script retrieval, `iex` execution, and `ExecutionPolicy Bypass`, which disables a native safety control and directly executes untrusted network content in memory. If the distribution endpoint or delivery path is compromised, this yields immediate arbitrary code execution with little visibility or review, and the skill gives no direct warning at the execution point commensurate with that risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation includes a non-interactive login example that passes a plaintext password on the command line without warning about credential exposure. Command-line arguments are commonly visible via shell history, process listings, CI logs, and terminal recordings, so this guidance can cause accidental credential disclosure even if the CLI itself is legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.