node-ops
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands on remote nodes via the
node-ops runcommand (e.g.,node-ops run --node-id 123 --command "ls -la"). This capability can be exploited to achieve Remote Code Execution (RCE) on connected nodes if the command string is influenced by untrusted data. - [DATA_EXFILTRATION]: The skill is designed to capture and transmit highly sensitive information, including camera snapshots, screen recordings, and precise GPS location data, to an external API endpoint at
api.distributed-comms.com. - [EXTERNAL_DOWNLOADS]: The documentation indicates a dependency on external SDKs and libraries, specifically the
node-ops-sdkNode.js package and thenode_opsPython library, which are required for the skill to function but are hosted in external registries.
Recommendations
- AI detected serious security threats
Audit Metadata