rustdesk-doctor
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a variety of system diagnostic commands including process discovery (ps), network socket listing (lsof), and routing table inspection (route).
- [COMMAND_EXECUTION]: Pipes data from a local Unix socket (/var/tmp/verge/verge-mihomo.sock) to a Python interpreter. This pattern is used to parse connection metadata, rules, and configurations from a local proxy service.
- [COMMAND_EXECUTION]: Directly interpolates user-provided arguments into shell commands such as 'nc', 'route', and 'ssh' without explicit sanitization, which could lead to command injection if malicious arguments are provided.
- [CREDENTIALS_UNSAFE]: Accesses sensitive RustDesk configuration files (RustDesk2.toml, RustDesk_local.toml) and log files which may contain connection IDs, settings, or other private metadata.
- [CREDENTIALS_UNSAFE]: Attempts to read SSH public keys (/root/id_ed25519.pub) on the remote server as part of the diagnostic routine.
- [REMOTE_CODE_EXECUTION]: Executes a multi-line diagnostic script on a remote server via SSH. While intended for server troubleshooting, this involves running code with root privileges on a target defined by user input.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost/connections, http://localhost/configs, http://localhost/rules - DO NOT USE without thorough review
Audit Metadata