Security audit

MiniCPM-o 4.5 Deploy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MiniCPM-o deployment guide, but it includes normal deployment risks like package installs, model downloads, and starting a local service.

Install only if you are comfortable running deployment commands that download third-party code and large model files. Use a fresh virtual environment, container, or dedicated machine; review the cloned repository and install script before running them; avoid sudo unless you accept system package changes; and treat certificate bypass examples as localhost-only testing guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (6)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:

```python
    # Excerpt quoted by the scanner: when an import fails, the helper
    # silently pip-installs the package into the current interpreter
    except ImportError:
        install_name = pip_name or package
        print(f"[*] Installing {install_name}...")
        subprocess.check_call(
            [sys.executable, "-m", "pip", "install", "-U", install_name],
            stdout=subprocess.DEVNULL,
        )
```

Confidence: 94%
Finding:
`subprocess.check_call([sys.executable, "-m", "pip", "install", "-U", install_name], stdout=subprocess.DEVNULL)`

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
A deployment helper that silently installs Python packages exceeds the expected behavior for simply downloading or verifying a model. This is dangerous because package installation executes third-party code and mutates the host environment, which is especially risky in deployment contexts that may run with elevated privileges or in shared systems.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The activation text is broad enough to trigger on generic deployment, configuration, or troubleshooting requests that may not be specific to MiniCPM-o 4.5. In an agent system, overbroad matching can cause the wrong skill to run and present shell commands, installation steps, or network-download instructions in contexts the user did not intend.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The guide includes privileged package installation, repository cloning, model downloads, certificate generation, and service startup without an upfront warning that these steps modify the host and access remote resources. In an agent-assisted environment, that omission increases the chance of users approving impactful actions without understanding system, network, or trust implications.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The script auto-installs missing packages without prior notice or confirmation, so users may unknowingly trigger network access, environment changes, and execution of package installation hooks. In the context of a model deployment skill, this makes the behavior more dangerous because operators often run such helpers on servers, notebooks, or privileged environments where silent dependency changes can have broader impact.

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
Verify with curl:

```bash
curl -k https://localhost:8006/health
```

**Four interaction modes:**
Confidence: 96%
Finding:
`curl -k`

VirusTotal

64/64 vendors flagged this skill as clean.