Byted Vefaas Skills

Security checks across malware telemetry and agentic risk

Overview

This veFaaS deployment skill is purpose-aligned, but it needs review because its examples can make live cloud changes and handle secrets without enough guardrails.

Install only if you intend to let an agent help manage veFaaS cloud resources. Before using it:
  • remove automatic confirmation (`--yes`) from copied deploy commands;
  • verify the target account and environment before any deployment;
  • use least-privilege or short-lived credentials;
  • avoid putting secrets directly on command lines;
  • protect ~/.vefaas/auth.json with strict file permissions;
  • redact env values and debug logs before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (13)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill provides ready-to-run non-interactive commands such as `vefaas deploy ... --yes` and environment/configuration management commands without clearly warning that they perform real remote actions against the user's veFaaS account. In an agent context, this increases the chance of unintended deployment, configuration drift, creation of billable resources, or exposure of services because the commands are optimized for unattended execution.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The example encourages importing a `.env.prod` file containing real-looking secrets without clearly warning that those values will be uploaded to the remote veFaaS environment. In a deployment skill, this is security-relevant because users may unintentionally transmit production credentials, over-share local secrets, or adopt unsafe secret-handling practices by following the example verbatim.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The cookbook includes commands and sample output that directly reveal or manipulate sensitive environment variables such as DATABASE_URL and API_KEY, but it provides no warning about secret handling, redaction, terminal history, or secure storage. In an operational deployment skill, this can normalize exposing credentials in shells, screenshots, logs, or pasted outputs, increasing the chance of accidental secret disclosure.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The cookbook includes non-interactive credential examples using command-line flags and environment variables without warning that secrets may be exposed through shell history, process listings, CI logs, or shared terminal environments. In a deployment-focused skill, this is operationally risky because users may copy-paste the examples directly with real credentials and unintentionally leak long-lived cloud access keys.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The deployment example uses automatic confirmation with --yes while creating a new remote application, which removes an opportunity for the user to review target settings before making live infrastructure changes. In this skill's context, the command can immediately provision and deploy cloud resources, increasing the chance of accidental production changes or unexpected cost exposure.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The complete example repeats a non-interactive deployment flow that can push code and create/update remote resources without an explicit review step. Because this is a quickstart intended for copy-paste execution, it makes accidental deployment more likely, especially for new users who may not realize the command has immediate external effects.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The documentation states that credentials are saved to `~/.vefaas/auth.json` but does not warn that this file contains sensitive material that must be protected with strict filesystem permissions and excluded from backups or source control. In a deployment-focused skill, users are likely to run these commands on shared workstations, CI runners, or cloud shells, increasing the chance of credential theft if the file is readable by other users or mishandled.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
Passing AK/SK directly on the command line can expose secrets through shell history, process listings, audit logs, and CI job output. Because this skill is specifically about deploying and managing serverless applications, these examples are likely to be copied into automation or shared terminals, making credential leakage more likely and potentially enabling full account compromise.
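The findings above about unattended `--yes` deployments, the unprotected `~/.vefaas/auth.json` file, and AK/SK or other secrets passed on the command line all reduce to checks an agent wrapper can run before it executes anything. The guard below is an added example for this review, not code from the skill or the vefaas CLI. Only `vefaas deploy ... --yes` and the `~/.vefaas/auth.json` path come from the page; the `["vefaas", "<subcommand>", ...]` argv layout, the `-y` short flag, the set of state-changing subcommands and the sensitive-key patterns are assumptions chosen for illustration.

```python
"""Pre-flight guard for agent-issued veFaaS CLI commands (added example).

From the page: `vefaas deploy ... --yes` and ~/.vefaas/auth.json.
Assumed: argv layout ["vefaas", "<subcommand>", ...], the "-y" short flag,
the MUTATING_SUBCOMMANDS set and the SENSITIVE_KEY patterns.
"""
import os
import re
import stat
import tempfile
from typing import Dict, List

AUTO_CONFIRM_FLAGS = {"--yes", "-y"}                # "--yes" from the page; "-y" assumed
MUTATING_SUBCOMMANDS = {"deploy", "env", "delete"}  # deploy/env from the page; delete assumed

# Key names whose values must never travel in argv (shell history, ps, CI logs).
SENSITIVE_KEY = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|DATABASE_?URL|_SK$|^SK$|^AK$", re.I
)


def looks_like_token(arg: str) -> bool:
    """Heuristic for a bare access key or secret passed as a positional argument:
    long, no whitespace, mixes letters and digits, and is not a flag or a path."""
    if len(arg) < 32 or " " in arg or arg.startswith(("-", "/", "~", ".")):
        return False
    return any(c.isdigit() for c in arg) and any(c.isalpha() for c in arg)


def check_args(argv: List[str]) -> List[str]:
    """Return reasons the command must not run unattended (empty list = ok)."""
    problems: List[str] = []
    if len(argv) < 2:
        return problems
    sub, rest = argv[1], argv[2:]
    if sub in MUTATING_SUBCOMMANDS and AUTO_CONFIRM_FLAGS & set(rest):
        problems.append(
            f"'{sub}' runs with auto-confirm; drop --yes so the target app, region and env get reviewed"
        )
    for arg in rest:
        key, sep, value = arg.partition("=")
        if sep and value and SENSITIVE_KEY.search(key.lstrip("-")):
            problems.append(f"secret for {key.lstrip('-')} passed inline; load it from a file or env var")
        elif not sep and looks_like_token(arg):
            problems.append("token-like positional argument; credentials must not be in argv")
    return problems


def check_auth_file(path: str) -> List[str]:
    """Return permission problems with the credential file (empty list = ok).
    A missing file means no stored login, which is not a finding."""
    problems: List[str] = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return problems
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):          # group or world bits set
        problems.append(f"{path} is mode {mode:04o}; run: chmod 600 {path}")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append(f"{path} is not owned by the current user")
    return problems


def preflight(argv: List[str], auth_path: str = os.path.expanduser("~/.vefaas/auth.json")) -> List[str]:
    """Both checks together; a wrapper should refuse to execute when the list is non-empty."""
    return check_args(argv) + check_auth_file(auth_path)


def demo() -> Dict[str, List[str]]:
    """Run the guard on constructed inputs only (placeholder file, no real credentials)."""
    results: Dict[str, List[str]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        auth = os.path.join(tmp, "auth.json")
        with open(auth, "w") as fh:
            fh.write('{"note": "constructed placeholder, not a real credential"}\n')
        os.chmod(auth, 0o644)  # the mistake: readable by every local user
        results["loose_auth"] = check_auth_file(auth)
        os.chmod(auth, 0o600)  # the fix
        results["tight_auth"] = check_auth_file(auth)
        results["deploy_yes"] = preflight(["vefaas", "deploy", "--yes"], auth)
        results["deploy_reviewed"] = preflight(["vefaas", "deploy"], auth)
        results["inline_secret"] = preflight(
            ["vefaas", "env", "set", "API_KEY=sk-live-0123456789abcdef"], auth
        )
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'ok' if not problems else '; '.join(problems)}")
```

The guard deliberately reports rather than silently strips `--yes`: an agent that quietly removes the flag and then re-adds it on the next attempt has gained nothing, whereas a refusal forces the human to confirm the target account and environment.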

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding
Environment variables are common for CI/CD, but documenting them without handling guidance can lead to accidental exposure via debug logs, crash dumps, inherited subprocess environments, and improperly configured CI secrets. In this serverless deployment context, users will likely paste these examples into pipelines, where weak masking or overbroad job permissions can leak long-lived cloud credentials.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
Recommending `veFaaSFullAccess` without any least-privilege guidance encourages overbroad permissions, so compromise of the documented credentials could grant unnecessary control over serverless resources. In an infrastructure-management skill, excessive IAM permissions materially increase blast radius, including deployment tampering, data exposure, and service disruption.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation explicitly demonstrates commands that print full environment variable values, including sensitive examples such as DATABASE_URL and API_KEY, directly to terminal output. In an agent skill context, this is risky because agent executions, shell history, screenshots, CI logs, or chat transcripts may capture and expose secrets to unintended parties.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The troubleshooting guide explicitly tells users where debug logs are stored and notes that they contain full JSON response data, but it does not warn that these logs may include sensitive material such as API parameters, environment values, identifiers, or other operational metadata. In a deployment CLI context, encouraging users to inspect or share raw logs increases the chance of credential, token, or infrastructure information disclosure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The feedback section instructs users to collect and share raw debug output, the latest log file, and environment details without any privacy or secret-handling warning. Because this skill manages serverless deployments, those artifacts can expose account metadata, request/response payloads, host details, and potentially secret-bearing debug traces to support channels or third parties.
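Several findings above share one remedy: the `.env.prod` import, the commands that print DATABASE_URL and API_KEY, the debug logs holding full JSON responses, and the feedback section's request for raw logs all call for redaction before anything leaves the machine. The redactor below is an added example for this review, not code from the skill or the vefaas CLI. The key names DATABASE_URL and API_KEY and the fact that debug logs contain full JSON responses come from the page; the `KEY=value` line format, the `Key`/`Value` pair shape in the constructed log, and the sensitive-key list are assumptions. It also reports which keys in an env file would be uploaded as secrets, so an import can be reviewed first.

```python
"""Redact secrets from env dumps, .env files and JSON debug logs (added example).

From the page: DATABASE_URL, API_KEY, and debug logs holding full JSON responses.
Assumed: KEY=value lines, the Key/Value pair shape, and the SENSITIVE_KEY list.
"""
import json
import re
from typing import Any, List, Tuple
from urllib.parse import urlsplit, urlunsplit

MASK = "***REDACTED***"
SENSITIVE_KEY = re.compile(
    r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_?KEY|CREDENTIAL|AUTHORIZATION|DATABASE_?URL|_SK$|^SK$|^AK$",
    re.I,
)
BEARER = re.compile(r"\b(Bearer|Basic)\s+\S+", re.I)


def mask_url_credentials(value: str) -> str:
    """Hide user:password in a URL but keep scheme, host and path so logs stay debuggable."""
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed bracketed host; treat as an opaque string
        return value
    if not parts.scheme or "@" not in parts.netloc:
        return value
    host = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit((parts.scheme, f"{MASK}@{host}", parts.path, parts.query, parts.fragment))


def redact_value(key: str, value: str) -> str:
    """Redact one string: bearer headers and URL credentials always, the whole
    value when the key name itself is sensitive."""
    value = BEARER.sub(lambda m: f"{m.group(1)} {MASK}", value)
    masked = mask_url_credentials(value)
    if masked != value:
        return masked
    return MASK if SENSITIVE_KEY.search(key) else value


def redact_env_text(text: str) -> Tuple[str, List[str]]:
    """Redact KEY=value lines (a .env file or env-listing output). The returned key
    list is what an import of that file would upload as secrets: review it first."""
    out: List[str] = []
    redacted_keys: List[str] = []
    for line in text.splitlines():
        body = line.strip()
        if not body or body.startswith("#") or "=" not in body:
            out.append(line)
            continue
        prefix = ""
        if body.startswith("export "):
            prefix, body = "export ", body[len("export "):]
        key, _, value = body.partition("=")
        key = key.strip()
        new_value = redact_value(key, value)
        if new_value != value:
            redacted_keys.append(key)
        out.append(f"{prefix}{key}={new_value}")
    return "\n".join(out), redacted_keys


def redact_json(node: Any) -> Any:
    """Walk decoded JSON recursively. Handles {"API_KEY": "..."} maps and
    [{"Key": "API_KEY", "Value": "..."}] pair lists (the pair shape is assumed)."""
    if isinstance(node, dict):
        pair_key = next((k for k in node if k.lower() == "key"), None)
        pair_val = next((k for k in node if k.lower() == "value"), None)
        out = {}
        for k, v in node.items():
            if isinstance(v, str):
                name = str(node[pair_key]) if pair_key and k == pair_val else k
                out[k] = redact_value(name, v)
            else:
                out[k] = redact_json(v)
        return out
    if isinstance(node, list):
        return [redact_json(item) for item in node]
    return redact_value("", node) if isinstance(node, str) else node


def redact_log_line(line: str) -> str:
    """Redact one debug-log line: JSON documents structurally, anything else as text."""
    try:
        return json.dumps(redact_json(json.loads(line)), sort_keys=True)
    except ValueError:
        return redact_value("", line)


# Constructed samples; none of these values are real credentials or identifiers.
ENV_SAMPLE = (
    "# constructed sample .env.prod; placeholder values only\n"
    "DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod\n"
    'API_KEY="sk-live-0123456789abcdef"\n'
    "LOG_LEVEL=info\n"
    "export JWT_SECRET=changeme\n"
)
LOG_SAMPLE = {
    "request": {"Action": "UpdateFunction", "FunctionId": "fn-constructed-01",
                "Envs": [{"Key": "API_KEY", "Value": "sk-live-0123456789abcdef"},
                         {"Key": "LOG_LEVEL", "Value": "info"}]},
    "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.constructed"},
    "response": {"DatabaseUrl": "postgres://app:hunter2@db.internal:5432/prod"},
}
LOG_SAMPLE_LINE = json.dumps(LOG_SAMPLE)

if __name__ == "__main__":
    text, keys = redact_env_text(ENV_SAMPLE)
    print(text, "\nwould upload as secrets:", keys)
    print(redact_log_line(LOG_SAMPLE_LINE))
```

URL credentials are masked while the host and path are kept, because a support engineer usually needs to know which database a failing deploy pointed at but never needs the password; a key whose name marks it as sensitive is masked entirely.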

VirusTotal

64/64 vendors flagged this skill as clean.
