Back to skill

Security audit

Devops Platform Skill

Security checks across malware telemetry and agentic risk

Overview

This DevOps CLI does what it says, but it handles access tokens and operational data in ways users should review before installing.

Install only if you trust the publisher and the configured DevOps endpoint. Use a least-privilege, revocable token; avoid passing it directly on the command line or in chat; prefer a dedicated short-lived token if available; check local config file permissions after setup; avoid HTTP base URLs; and treat debug output as sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to configure and store an API token locally and even shows a token example, but it does not warn that the token is a sensitive secret that must be protected, rotated if exposed, and excluded from logs, screenshots, backups, or source control. In a skill/CLI context, normalizing plaintext secret storage without caution increases the chance of credential leakage and unauthorized API access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to supply an API token directly on the command line but does not warn that command-line arguments may be exposed through shell history, process listings, logs, or screenshots. In a DevOps platform context, such tokens can grant broad access to sensitive operational data and management functions, making casual credential exposure risky.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The README advertises full DevOps API access and detailed debug/error output without warning that requests, URLs, parameters, or returned platform data may contain sensitive infrastructure and deployment information. Because this skill targets a DevOps platform, exposing application, release, and environment data in terminal output or logs increases operational security risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill requires a user Open Token to access backend APIs but provides no guidance on secure storage, least-privilege use, rotation, or the privacy/security implications of sending that credential to a backend service. In a DevOps context, such tokens may grant access to sensitive application, release, and iteration data, so unsafe handling materially increases the risk of credential leakage and unauthorized access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented command passes the bearer token directly as a CLI argument, which can expose it through shell history, process listings, audit logs, or terminal recording tools. Because this is a DevOps platform token, disclosure could allow an attacker to query internal application, release, and planning information or perform authenticated actions supported by the skill.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation explicitly advertises debug output that shows request URLs and parameters, which can expose tokens, internal endpoints, IDs, or other sensitive operational data if logs are shared or stored. In a DevOps/platform-management context, request parameters often contain environment identifiers and access-related metadata, making this more dangerous than in a low-sensitivity tool.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI prompts for an API token and persists it to `~/.devops-platform-config.json` without warning the user that the credential will be stored on disk, and the code does not set restrictive file permissions or use a secure credential store. On multi-user systems or compromised hosts, this can expose a bearer token that grants API access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI collects an API token and persists it in plaintext to a predictable file in the user's home directory without warning about on-disk storage or applying restrictive permissions. If the workstation, home directory, backups, or local malware are compromised, the token can be recovered and reused to access the backend as that user.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI persists the API token in a JSON config file under the user's home directory without any visible warning, consent flow, or permission hardening. This creates a realistic credential exposure risk if the file is readable by other local users, included in backups, or exfiltrated by unrelated malware on the host.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The CLI persists the API token in a JSON config file under the user's home directory, and there is no indication of file permission hardening, secure storage, or a warning that long-lived credentials are being written to disk. If another local user, malware, backups, shell history, or misconfigured file sharing exposes that file, the bearer token can be reused to access the DevOps platform as the victim.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The CLI persists an API token locally via Configstore and then reuses it for authenticated requests, but there is no indication of secure storage, restricted file permissions, or any warning to the user that the credential will be written to disk. On multi-user systems or compromised developer workstations, locally stored plaintext or weakly protected tokens can be recovered and used to access the backend API.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
bin/devops-platform-enhanced.js:21

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
bin/devops-platform-simple.js:18

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
bin/devops-platform-v3-complete.js:21

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
bin/devops-platform-v3.js:21