hetzner-server

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill documentation is functionally coherent with its purpose (managing Hetzner servers), but it contains high-risk operational patterns: unverified download-and-execute of a remote install script (curl | bash) executed as root via cloud-init, and encouragement of SSH agent forwarding. Those patterns are common in dev workflows but represent supply-chain and credential-exposure risks if the remote repository or the created servers are compromised. Recommend treating the remote install script as untrusted until verified: pin to a commit, verify checksums or signatures, and avoid automatic root execution of unverified code. Prefer restricting use of agent-forwarding to trusted, ephemeral environments and use least-privilege Hetzner API tokens. Overall: not overtly malicious, but suspicious/risky due to insecure practices that enable supply-chain compromise.

LLM verification: The skill's described functionality matches its stated purpose (Hetzner server lifecycle and SSH workflows). No clear malware or obfuscation is present in the provided text, but there are notable security risks: piping an unverified remote script into bash and encouraging SSH agent forwarding (ForwardAgent yes) without strong warnings. These practices can lead to arbitrary code execution or credential misuse if the remote script or the server is compromised. Recommend removing direct curl|bash e

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 15, 2026, 08:41 PM
Package URL: pkg:socket/skills-sh/connorads%2Fdotfiles%2Fhetzner-server%2F@25cd527a8799380aa759b6aa553ec3b71727fdfd