Back to skill

Security audit

C.R.A.B Deploy Agent

Security checks across malware telemetry and agentic risk

Overview

This deployment skill does not appear to steal data or run hidden destructive commands, but it can mark GitHub and Cloudflare deployment steps as complete even though it only prints the commands that would be run.

Review this skill carefully before installing. It is suitable only as a workflow/status helper unless you separately run and verify the actual GitHub and Cloudflare commands. Do not rely on its reported deployed or github_ready status as proof that a repository or Cloudflare Pages deployment exists, and avoid putting broad Cloudflare API tokens in local config files without least-privilege scoping and commit protection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script claims to perform GitHub and Cloudflare deployment steps, but the relevant actions are only printed as 'Would run' messages while local state is updated as if the operations succeeded. This can mislead users or higher-level agents into believing a repository was created or an app was deployed, causing unsafe follow-on decisions, broken release processes, or false security assumptions about what infrastructure exists.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The script advertises 'human approval at each step' but does not enforce any approval checks before advancing build, push, or deploy stages. In an agent skill context, this mismatch is dangerous because operators may rely on the stated approval gate as a safety control, while the code allows progression based only on step number.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The skill documentation instructs users to place a Cloudflare API token directly in a local config file without any warning about sensitivity, least privilege, or safer secret-handling practices. This can lead to credential exposure through backups, screenshots, shell history, dotfile sync, or accidental commits, especially in a deployment-oriented workflow that routinely interacts with remote services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.