qemu-alpine-ssh
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The 'Automation with Expect Scripts' section contains a hardcoded password ('password123'). This violates security best practices and poses a high risk if the template is executed without modification.
- COMMAND_EXECUTION (MEDIUM): The diagnostic commands include destructive process management ('pkill -9 qemu-system'). This capability can be leveraged to disrupt legitimate virtualization services on the host system.
- EXTERNAL_DOWNLOADS (LOW): The Alpine configuration steps require downloading packages from remote repositories ('apk add openssh'). While the source is standard, it establishes a runtime dependency on external network resources.
- INSECURE_CONFIGURATION (INFO): The provided commands explicitly enable root login over SSH ('PermitRootLogin yes') and password-based authentication, creating a vulnerable default state for the virtual machine.
Recommendations
- AI detected serious security threats
Audit Metadata