k3s-backup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill instructs the agent to execute a remote script directly from the internet using a piped shell.
- Evidence: The 'Recovery After Complete Failure' section contains `curl -sfL https://get.k3s.io | ... sh -s
- server`, which is a classic piped remote execution pattern targeting an unverified (non-trusted) source.
- [Privilege Escalation] (HIGH): The skill performs numerous operations requiring root privileges and modifies sensitive system paths.
- Evidence: Extensive use of
sudoto create scripts in/usr/local/bin/and/root/. - Evidence: Manual modification of
/etc/crontaband/etc/systemd/system/. - [Data Exposure & Exfiltration] (HIGH): The skill accesses and packages sensitive Kubernetes credentials and security tokens.
- Evidence: The backup targets
/var/lib/rancher/k3s/server/which contains the cluster 'node-token' and SQLite database, as well as/etc/rancher/k3s/which contains certificates. - [Persistence Mechanisms] (HIGH): The skill establishes multiple permanent triggers for code execution on the host system.
- Evidence: Installation of a systemd service (
k3s-pre-shutdown.service) and a root cron job in/etc/crontab. - [Dynamic Execution] (HIGH): The recovery script performs an unsafe system-wide file restoration.
- Evidence: The command
tar -xzf $BACKUP_FILE -C /ink3s-recovery.shextracts an archive directly to the root directory, allowing for arbitrary file overwrites if the backup file is malicious or tampered with.
Recommendations
- AI detected serious security threats
Audit Metadata