physical-ai-video-data-augmentation
Audited by Socket on Jun 18, 2026
3 alerts found:
Anomalyx3This workflow fragment does not show explicit malware (no clear exfiltration/backdoor commands are present in the YAML). However, it executes multiple shell scripts and a Python generator originating from {{skills_dir}} (potentially external/submitter-controlled content) and provides those scripts with sensitive credentials and configurable network endpoints. It also performs unpinned runtime pip installs during setup. The dominant concern is supply-chain/control risk rather than directly observable malicious payloads; review and provenance verification of {{skills_dir}} scripts and the generator are essential.
This fragment itself does not show overt malicious logic, but it has meaningful supply-chain/execution trust risks typical of orchestration pipelines: it executes shell/Python artifacts staged from {{skills_dir}}, performs unpinned runtime pip installs during setup, and configures workers to use HTTP VLM/LLM endpoints alongside injected secrets. A definitive malware assessment requires reviewing the executed scripts (/tmp/cosmos_worker.sh, /tmp/pl_augmented_worker.sh, /tmp/generate_configs.py, and endpoint_common.sh/osmo_barrier.py) and the referenced container images to confirm they do not exfiltrate or manipulate data using the provided tokens.
No clear embedded malware is evident; however, this module contains two high-impact, trust-boundary-dependent primitives: (1) it sources a runtime env file into the shell (arbitrary code execution if attacker can influence setup_dir/env contents) and (2) it executes a Python barrier script from caller-provided paths (arbitrary code/process execution if attacker can influence barrier_script/python_bin). It also performs outbound curl probing to base URLs derived from input URLs without allowlisting, enabling SSRF-like network reachability if upstream inputs are not trusted. Overall risk is moderate unless the calling orchestration strictly controls setup_dir/env contents and barrier_script/python_bin and constrains endpoint inputs.