Skills
skills/lwjjike/xbsreverseskill/ast-deobfuscation/Gen Agent Trust Hub

ast-deobfuscation

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawnSync in scripts/run-pipeline.js to coordinate the deobfuscation pipeline by running internal scripts on the target file.
  • [REMOTE_CODE_EXECUTION]: The deobfuscation engine (specifically ob-variant-pass.js, geetest4-guarded-pass.js, and tonghuashun-order-pass.js) uses Node.js's vm.runInNewContext to evaluate segments of the analyzed JavaScript code. Because the vm module is not a secure sandbox, executing untrusted code fragments presents a risk of host system compromise if an attacker crafts a script to escape the execution environment.
  • [PROMPT_INJECTION]: The skill is designed to process external, untrusted JavaScript code. If the deobfuscated output contains instructions that the AI agent interprets as commands, it could influence the agent's behavior.
  • Ingestion points: The skill reads external JavaScript files provided as command-line arguments to the run-pipeline.js script.
  • Boundary markers: The skill does not employ explicit boundary markers or warnings to separate the analyzed code content from the agent's operating context.
  • Capability inventory: The skill possesses capabilities to execute shell commands (spawnSync), read and write to the filesystem (fs), and execute dynamic JavaScript (vm).
  • Sanitization: No sanitization is performed on the deobfuscated code before it is output or processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 09:53 AM
Security Audit — agent-trust-hub — ast-deobfuscation