emulating-cloud-attacks-with-stratus-red-team
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This is high-risk: the package and helper script explicitly automate offensive cloud techniques (credential theft, data exfiltration, persistence, remote execution) and will perform real malicious API actions when run with valid cloud credentials — intended for authorized red-team use but easily abused if executed against accounts without consent; the provided agent.py itself contains no obfuscated backdoor or hidden network exfiltration, it simply drives the stratus CLI which carries out the attacks.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill relies on fetching and executing remote code at runtime — e.g., the docker example pulls and runs ghcr.io/datadog/stratus-red-team and the installation references https://github.com/DataDog/stratus-red-team while the tool also downloads Terraform provider plugins over outbound HTTPS during warmup — so external URLs are used to fetch code that is executed.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata