nacos-exploit

Fail

Audited by Snyk on Apr 22, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds explicit credentials and a JWT token (e.g., "nacos/nacos" and the accessToken) and directs using them verbatim in requests/payloads, forcing the agent to handle/output secrets directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content is a high-risk, clearly malicious exploit toolkit: it contains step-by-step payloads and scripts to bypass authentication, exfiltrate credentials/configs, load remote malicious JARs, achieve remote code execution, and install persistent memory webshells/backdoors (Behinder/Godzilla/CMD), including encoded payloads and instructions to host attacker-controlled infrastructure — all indicative of intentional exploitation and backdoor behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and the referenced scripts (references/cve-exploits.md and references/post-exploit.md) explicitly instruct the agent to fetch and interpret responses from arbitrary target Nacos instances (e.g., GET/POST to /nacos/v1/..., /v1/auth/users, /nacos/v1/cs/ops/derby and TCP to port 7848) and then make follow-up exploit decisions based on those untrusted, user-controlled responses, enabling indirect prompt-injection via third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime fetching/execution of remote binaries — e.g., hosting a malicious JAR at http://<vps_ip>:5000/download (used in sqlj.install_jar) and downloading/running the NacosRce tool from https://github.com/c0olw/NacosRce — which are required at runtime and result in remote code execution.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a full, high-entropy JWT literal: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.-isk56R8NfioHVYmpj4oz92nUteNBCN3HRd0-Hfk76g. It is a complete header.payload.signature JWT string (random-looking signature) and is directly present in the "认证绕过速查" table and elsewhere — this meets the definition of a literal, high-entropy secret that could be usable for authentication, so it should be flagged.

Ignored items:

  • "nacos/nacos" (default credentials) is a low-entropy setup/default password and per rules should not be flagged.
  • "User-Agent: Nacos-Server" and other header/endpoint names are not secrets.

Issues (5)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 22, 2026, 10:09 AM
Issues: 5