open-tor

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask users for their sudo password when needed (e.g., "What's your sudo password?"), which requires the LLM to accept and potentially echo or embed secret credentials in commands or outputs, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and scrapes arbitrary public third‑party sites (12 .onion search engines in scripts/engines.py and clearnet seeds), fetches arbitrary URLs via torcore.fetch (CORE_ENGINE.md / scripts/torcore.py), and the orchestrator/osint workflow (SKILL.md, scripts/osint.py, scripts/crawl.py) requires the LLM to read and act on that fetched, user-generated/untrusted content, so external pages can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The README/LLM self-install instructions explicitly tell the orchestrator to clone and install the repository (git clone https://github.com/opentor/opentor) and then run pip install / python scripts/setup.py, which fetches remote code at runtime and causes that code to be executed locally, satisfying the criteria for a high-risk external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly tells the agent to ask for the user's sudo password and to run privileged commands (e.g., sudo apt install tor, sudo systemctl start tor, sudo chmod) that modify system state and require elevated privileges, thereby pushing the agent to perform potentially harmful state-changing actions.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
May 8, 2026, 04:10 PM
Issues
4
Security Audit — snyk — open-tor