rustdesk-doctor

Fail

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a variety of system diagnostic commands including process discovery (ps), network socket listing (lsof), and routing table inspection (route).
  • [COMMAND_EXECUTION]: Pipes data from a local Unix socket (/var/tmp/verge/verge-mihomo.sock) to a Python interpreter. This pattern is used to parse connection metadata, rules, and configurations from a local proxy service.
  • [COMMAND_EXECUTION]: Directly interpolates user-provided arguments into shell commands such as 'nc', 'route', and 'ssh' without explicit sanitization, which could lead to command injection if malicious arguments are provided.
  • [CREDENTIALS_UNSAFE]: Accesses sensitive RustDesk configuration files (RustDesk2.toml, RustDesk_local.toml) and log files which may contain connection IDs, settings, or other private metadata.
  • [CREDENTIALS_UNSAFE]: Attempts to read SSH public keys (/root/id_ed25519.pub) on the remote server as part of the diagnostic routine.
  • [REMOTE_CODE_EXECUTION]: Executes a multi-line diagnostic script on a remote server via SSH. While intended for server troubleshooting, this involves running code with root privileges on a target defined by user input.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost/connections, http://localhost/configs, http://localhost/rules - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — rustdesk-doctor