evolution-api
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

This skill/documentation appears to be legitimate project documentation for Evolution API and does not contain explicit malicious code. However, it includes several supply-chain and operational risks: it instructs a download-and-execute (curl | bash) for NVM, references pulling an unpinned Docker image (attendai/evolution-api:latest), and demonstrates insecure handling and forwarding of many sensitive credentials (API keys in code and headers, permissive CORS, webhook forwarding). These patterns increase the chance of credential leakage or supply-chain compromise if followed verbatim.

Recommendation: treat the documentation as useful but risky until operators harden deployment: avoid piping remote scripts to shell, pin container images to digests, store secrets in secure vaults rather than code/.env in repo, restrict webhook destinations and CORS in production, and rotate/limit API keys.
LLM verification: This SKILL.md is documentation for an integration platform and is internally consistent with its stated purpose. There is no direct evidence of malicious code or hidden exfiltration in the supplied content. However, objective supply-chain and operational risks are present: a curl|bash pattern to install nvm, unpinned docker images (:latest), and example configurations that expose many sensitive credentials and insecure defaults (CORS='*', AUTHENTICATION_EXPOSE_IN_FETCH_INSTANCES=true). These mak