deploy-folder-to-modelscope

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The entry point script scripts/run.py constructs a shell command by interpolating the modelscope_url and deploy_dir variables directly into a string executed via subprocess.run(shell=True). Because these variables are taken from user input without any sanitization or escaping, an attacker can provide a crafted URL (e.g., `"; malicious_command; #`) to execute arbitrary shell commands on the system.
  • [COMMAND_EXECUTION]: The deployment script scripts/deploy.py is also vulnerable to command injection. It uses subprocess.run(shell=True) to execute commands such as git clone {modelscope_url} {temp_dir} and find {temp_dir} .... Since the modelscope_url is passed as a command-line argument from the entry point script, the injection vulnerability persists throughout the deployment flow.
  • [CREDENTIALS_UNSAFE]: The skill requests a ModelScope repository URL from the user, which typically includes sensitive authentication credentials like OAuth2 tokens (e.g., http://oauth2:ACCESS_TOKEN@www.modelscope.cn/...). This URL is stored in plain text within a .env file in the current working directory. While the skill attempts to add .env to .gitignore, storing secrets in unencrypted files on disk is a security risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 11:14 PM