Skills
skills/ascend/agent-skills/swanlab-setup/Gen Agent Trust Hub

swanlab-setup

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The function swanlab_setup_for_container in scripts/functions.sh is vulnerable to shell command injection. It interpolates variables like SWANLAB_API_KEY and SWANLAB_HOST directly into a shell command string that is executed via docker exec bash -c. A maliciously crafted API key or host address could trigger arbitrary command execution within the target container.
  • [EXTERNAL_DOWNLOADS]: The skill installs the swanlab package from the Python Package Index (PyPI) using pip install as part of its setup and login routines.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 02:16 AM