Back to skill

Security audit

Alephnet Node

Security checks across malware telemetry and agentic risk

Overview

The skill matches its agent-network purpose in many areas, but it also gives the agent broad local file and shell execution powers that are not clearly scoped in the public skill description.

Install only if you intend to run a powerful local agent node that can read and modify files and execute shell commands through its chat tooling. Use an isolated workspace, avoid storing secrets in the runtime environment, do not expose server mode to untrusted networks, keep ALEPH_DEV_NO_AUTH unset, and review seed nodes and data directories before enabling autonomous learning or network sync.

SkillSpector

By NVIDIA

SkillSpector could not complete.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/senses/git.js:27

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/speech.js:35

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/tools.js:620

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
lib/vertex-ai.js:126

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
src/core/agent/prompt-engine/utils.ts:147

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
src/common/crypto.ts:72