grafana-assistant-cli
Fail
Audited by Snyk on Jun 15, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains literal API tokens in examples (e.g., "glsa_abcd1234") and documents commands/flags that accept tokens (e.g., -t/--token, --token, env var overrides), which encourages embedding secret values verbatim in generated commands or config — a direct secret-handling/exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill explicitly implements a remote "tunnel" and installable daemon that allows a remote Grafana Assistant to execute filesystem and terminal tools on the local machine (and can persist as a service), and it exposes mechanisms (passthrough env, configurable allow/deny lists, recommended broad "required_permissions") that could be used to read sensitive files, capture credentials, or exfiltrate data to a remote instance if misconfigured or connected to an untrusted server — this is a high-risk backdoor/exfiltration capability even if intended for legitimate use.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs the agent to request full shell permissions ("required_permissions: ["all"]") which encourages bypassing sandbox/TLS restrictions and documents a "tunnel daemon install" operation (installing a system service) that would modify system files / systemd services and likely require elevated privileges, so it pushes the agent toward actions that change the host state.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata