physical-ai-video-data-augmentation

Warn

Audited by Socket on Jun 18, 2026

3 alerts found:

Anomalyx3
AnomalyLOW
assets/configs/osmo/e2e.yaml

This workflow fragment does not show explicit malware (no clear exfiltration/backdoor commands are present in the YAML). However, it executes multiple shell scripts and a Python generator originating from {{skills_dir}} (potentially external/submitter-controlled content) and provides those scripts with sensitive credentials and configurable network endpoints. It also performs unpinned runtime pip installs during setup. The dominant concern is supply-chain/control risk rather than directly observable malicious payloads; review and provenance verification of {{skills_dir}} scripts and the generator are essential.

Confidence: 60%Severity: 62%
AnomalyLOW
assets/configs/osmo/augmentation_and_al.yaml

This fragment itself does not show overt malicious logic, but it has meaningful supply-chain/execution trust risks typical of orchestration pipelines: it executes shell/Python artifacts staged from {{skills_dir}}, performs unpinned runtime pip installs during setup, and configures workers to use HTTP VLM/LLM endpoints alongside injected secrets. A definitive malware assessment requires reviewing the executed scripts (/tmp/cosmos_worker.sh, /tmp/pl_augmented_worker.sh, /tmp/generate_configs.py, and endpoint_common.sh/osmo_barrier.py) and the referenced container images to confirm they do not exfiltrate or manipulate data using the provided tokens.

Confidence: 60%Severity: 58%
AnomalyLOW
scripts/endpoint_common.sh

No clear embedded malware is evident; however, this module contains two high-impact, trust-boundary-dependent primitives: (1) it sources a runtime env file into the shell (arbitrary code execution if attacker can influence setup_dir/env contents) and (2) it executes a Python barrier script from caller-provided paths (arbitrary code/process execution if attacker can influence barrier_script/python_bin). It also performs outbound curl probing to base URLs derived from input URLs without allowlisting, enabling SSRF-like network reachability if upstream inputs are not trusted. Overall risk is moderate unless the calling orchestration strictly controls setup_dir/env contents and barrier_script/python_bin and constrains endpoint inputs.

Confidence: 66%Severity: 60%
Audit Metadata
Analyzed At
Jun 18, 2026, 04:35 PM
Package URL
pkg:socket/skills-sh/promptingcompany%2Fnv-skills%2Fphysical-ai-video-data-augmentation%2F@505e44c68c7f8840e2b40d0dd2924a42be9cf56d8bb2c19ee9ed09b59713b35d
Security Audit — socket — physical-ai-video-data-augmentation