rustdesk-doctor
Fail
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes high-privilege system commands including
iptables,tcpdump, andufw. It also initiates SSH sessions as therootuser on external servers provided by the user. - [COMMAND_EXECUTION]: The skill is vulnerable to command injection. User-supplied arguments are directly interpolated into shell commands (e.g.,
route -n get <服务器IP>) without sanitization or validation, allowing an attacker to execute arbitrary commands by crafting the input. - [CREDENTIALS_UNSAFE]: The tool accesses Clash/Mihomo profile files (
.yamland.js), which frequently contain plain-text or base64-encoded credentials, server addresses, and authentication tokens for proxy services. - [REMOTE_CODE_EXECUTION]: Although automated scans identified piping
curltopython3as a remote code execution pattern, analysis indicates this is used locally to process JSON data from a system Unix socket using a hardcoded, static script. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from local application logs and configuration files. This data is interpolated into the agent's context without boundary markers or sanitization, creating an attack surface where log content could influence agent behavior.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost/configs, http://localhost/connections, http://localhost/rules - DO NOT USE without thorough review
Audit Metadata