msmodelslim-quant
Audited by Socket on May 17, 2026
3 alerts found:
Anomaly (x2) / Security / SUSPICIOUS: the skill's overall purpose is coherent for Ascend NPU quantization, and its main data flows are consistent with that purpose, but it asks the agent to use insecure remote-access patterns (sshpass/plaintext passwords) and weakens package-install trust with an HTTP trusted mirror. This looks more like an operationally risky skill than confirmed malware.
No direct malicious instructions are visible in this snippet, but it performs high-impact supply-chain execution: it runs an unverified install.sh from a mounted directory inside a privileged, host-networked container with device passthrough and extensive host binds. This significantly increases the risk that any tampering in {image_id} or {work_path}/msmodelslim/install.sh could lead to host-level compromise. Mitigate by pinning images by digest, verifying installer integrity/signatures, and minimizing privileges/mount scope.
The fragment itself is not an obvious malware payload, but it performs a high-risk supply-chain operation: it clones an unpinned third-party repository from a remote host and immediately executes its `install.sh` without integrity/provenance verification or sandboxing. This creates a direct path for attacker-controlled code to run in the build/install context.