escaping-containers-to-host
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The document contains explicit, actionable instructions to escape containers and achieve host-level compromise (exfiltrate /etc/shadow, spawn privileged host-root containers via Docker socket, install persistent keys/manifests, exploit runC CVEs and cgroup release_agent), which are high-risk offensive capabilities that enable clear malicious abuse if used without proper authorization.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites include runtime fetch-and-execute commands (e.g., git clone https://github.com/stealthcopter/deepce.git and curl downloads of https://github.com/genuinetools/amicontained/releases/download/v0.4.9/amicontained-linux-amd64 and https://github.com/cdk-team/CDK/releases/latest/download/cdk_linux_amd64) which clearly download remote executables that the workflow then runs, so these URLs are runtime external dependencies that execute remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs how to break container isolation and obtain host-level code execution (including writing to host files like /etc/shadow, adding SSH keys, creating privileged pod manifests, and using the Docker socket or CVE exploits), which directly compromises the machine state and enables full host takeover.
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata