verl-deploy
Fail
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates Docker containers using the --privileged flag and mounts extensive host directories including /home, /mnt, and system-level Ascend paths, granting the container full access to the host hardware and user data.
- [COMMAND_EXECUTION]: Dynamically generates and executes shell scripts (start_verl.sh and run_training.sh) by injecting user-provided parameters into templates with sed, a runtime script generation and execution pattern in which unsanitized input can alter the resulting commands.
- [COMMAND_EXECUTION]: Performs mass process termination (pkill -9 python) and service manipulation (ray stop --force) on the host system as part of the environment preparation and cleanup phases.
- [CREDENTIALS_UNSAFE]: Requests a SWANLAB_API_KEY from the user and processes it via shell environment variables and standard input redirection, which may lead to credential exposure in process lists or local configuration files like ~/.swanlab/config.json.
- [EXTERNAL_DOWNLOADS]: Fetches Docker images from quay.io and Python packages from PyPI to set up the training environment, targeting well-known services and vendor-controlled infrastructure.
Recommendations
- AI detected serious security threats