obliteratus

Fail

Audited by Snyk on May 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill is explicitly designed to remove LLM safety guardrails and contains several deliberate abuse-enabling features (conditional/targeted ablation, an "inverted" mode to force compliance, batch/tournament processing for scale, instructions to publish/serve ablated models, and CLI-vs-API gating that hides more powerful Python-only methods), plus ambiguous telemetry/upload capabilities — together these indicate intentional malicious intent to create and distribute uncensored models.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required installation step (SKILL.md Step 1) instructs cloning and installing the OBLITERATUS code from a public GitHub repository and the workflow repeatedly references downloading/using public models (HuggingFace model names) and telemetry-driven recommendations, so it clearly fetches and executes untrusted third‑party content that can materially change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill's installation step explicitly runs git clone https://github.com/elder-plinius/OBLITERATUS.git followed by pip install -e ., which fetches remote code and installs/executes it as a required dependency for the skill.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 16, 2026, 01:45 PM
Issues
3
Security Audit — snyk — obliteratus