Back to skill

Security audit

hap-upgrade

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed HAP private-deployment upgrade helper that can produce risky production commands, but those commands are aligned with its stated upgrade-runbook purpose and are not executed automatically.

Install only if you need HAP private deployment upgrade guidance. Treat generated output as an operations runbook: confirm it against official Mingdao documentation, back up affected systems, use a maintenance window, avoid pasting real passwords into chat, and prefer downloading, inspecting, and verifying remote scripts before executing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

High
Confidence
98% confidence
Finding
The guide instructs users to execute a remote script directly via `curl | bash`, which runs downloaded code without pinning, integrity verification, or prior inspection. In an upgrade skill aimed at private deployment administrators, this is especially dangerous because it is likely to be executed on a privileged control node in a production Kubernetes environment, enabling supply-chain compromise or arbitrary code execution if the remote source is tampered with.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The template instructs users to perform in-place edits on deployment files with `sed -i`, which can irreversibly alter configuration and service scripts if paths, patterns, or assumptions are wrong. Although this is an upgrade guide rather than executable code, the absence of an immediate warning about downtime, config corruption, and rollback steps makes accidental operational damage more likely.

Missing User Warnings

High
Confidence
98% confidence
Finding
The guide recommends `bash -c "$(curl -fsSL ... )"`, which downloads and immediately executes remote code without local inspection or integrity verification. If the remote host, network path, or referenced script is compromised, administrators could run attacker-controlled code on production servers during upgrade operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented `bash ./service.sh restartall` command will interrupt running services, but the instruction lacks a prominent warning at the execution point about downtime, user impact, and the need for maintenance planning. In an upgrade skill specifically intended to guide production operations, omission of this warning increases the likelihood of unplanned outages.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The referenced section contains operationally destructive commands such as service restarts, stop/update flows, and storage-component upgrade actions, but it does not prominently warn that these steps can interrupt service, cause downtime, or require maintenance windows and backups. In an upgrade skill that may generate executable runbooks, omission of impact warnings materially increases the chance of accidental production disruption by users following the commands verbatim.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.