subprocess module call
Medium
- Category: Dangerous Code Execution
- Content: exit; """ subprocess.run([ "matlab", "-batch", matlab_script ])
- Confidence: 93% confidence
- Finding: subprocess.run([ "matlab", "-batch", matlab_script ])
Security checks across malware telemetry and agentic risk
This skill appears intended for FreeSurfer brain-analysis work, but it runs MATLAB code built from unescaped input paths and depends on analyzer code that is not packaged for review.
Review before installing or running. Use only trusted file paths in a contained working directory, and ask the publisher to include the MATLAB analyzer source and fix argument handling so paths cannot be interpreted as MATLAB code.
exit;
"""
subprocess.run([
"matlab", "-batch", matlab_script
])
56/56 vendors flagged this skill as clean.