中文 EN
Start Review
Skill Trust Decision

VLAN Linux Client Skill

Skill instructs users to pipe a remote script from an unverified source into bash with SSL verification disabled (-k flag), enabling trivial man-in-the-middle attack and arbitrary code execution on the target system.

Install decision first Source: Manual upload Scanned: Apr 4, 2026
Files 2
Artifacts 5
Violations 0
Findings 4
Most direct threat evidence
Critical Supply Chain
Remote script piped to bash without integrity verification

The skill's primary installation method is 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh'. This fetches and executes arbitrary code from a remote HTTP(S) endpoint with no checksum, GPG signature, or content inspection. An attacker who intercepts the request (especially with -k disabling cert validation) can inject arbitrary code running as root.

SKILL.md:17

Why this conclusion was reached

2/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

2 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
Attacker performs MITM on network path to dl.vlan.cn or compromises the domain

delivery · SKILL.md:17

02
Attacker serves a malicious install.sh script instead of the legitimate one

exploitation · SKILL.md:17

03
User executes 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh' — malicious script runs as root

Escalation · SKILL.md:17

04
Attacker gains full root access: backdoor installation, credential theft, persistence, lateral movement

Impact · SKILL.md:17

What drove the risk score up

Remote script piped to shell +40

SKILL.md documents 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh' as the primary installation method — no checksum, no GPG verification, arbitrary code execution

SSL verification disabled (-k flag) +20

The -k flag disables SSL certificate verification, making the curl|sh chain trivially interceptable via MITM, compounding the remote execution risk

Destructive command in documentation +10

SKILL.md line 193 references 'rm -rf /' — a destructive command; this could be accidental but adds to the concerning pattern

Most important evidence

Critical Supply Chain

Remote script piped to bash without integrity verification

The skill's primary installation method is 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh'. This fetches and executes arbitrary code from a remote HTTP(S) endpoint with no checksum, GPG signature, or content inspection. An attacker who intercepts the request (especially with -k disabling cert validation) can inject arbitrary code running as root.

SKILL.md:17
Remove the curl|sh installation method entirely. If installation guidance is needed, provide distribution-package install commands (apt, yum, dnf) or direct the user to download a binary with a published checksum and GPG signature.
Critical Supply Chain

SSL certificate verification disabled in installation command

The -k flag in curl disables SSL certificate verification. Combined with piping to sh, this creates a trivially exploitable MITM + RCE chain. An attacker on the network path can serve a malicious install script that compromises the system.

SKILL.md:17
Remove the -k flag. Use HTTPS with proper certificate validation and add SHA256/checksum verification of the downloaded artifact before execution.
High Credential Theft

Encourages passing passwords as plaintext command-line arguments

The skill documents 'vlancli login <username> <password>' which exposes credentials in process arguments (visible in ps, shell history, and /proc). The 'recommended' login code method is better but the password method is still presented as a valid option.

SKILL.md:26
Remove the password-as-argument login example entirely. Only document interactive or environment-variable-based credential passing methods.
Medium Doc Mismatch

Dangerous shell command reference in documentation body

SKILL.md line 193 contains 'rm -rf /' — a destructive filesystem operation. While this is likely a documentation artifact or mistake, it is extremely dangerous if the LLM reproduces it verbatim in responses.

SKILL.md:193
Remove or correct the 'rm -rf /' reference. Use specific, safe path examples (e.g., 'sudo rm -rf /usr/local/vlan') as shown elsewhere in the same document.

Declared capability vs actual capability

No capability matrix was produced.

Suspicious artifacts and egress

Critical Dangerous Command
curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh

README.md:17

Critical Dangerous Command
rm -rf /

SKILL.md:193

Medium External URL
http://dl.vlan.cn/vlan2.0/linux/install.sh

README.md:17

Medium External URL
https://www.vlan.cn/guide/linux-client

README.md:56

Medium External URL
https://www.vlan.cn

README.md:57

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 257 lines
Markdown 2 files · 257 lines
Files of concern · 2
SKILL.md Markdown · 200 lines
Remote script piped to bash without integrity verification · SSL certificate verification disabled in installation command · Encourages passing passwords as plaintext command-line arguments · Dangerous shell command reference in documentation body · rm -rf /
README.md Markdown · 57 lines
curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh · http://dl.vlan.cn/vlan2.0/linux/install.sh · https://www.vlan.cn/guide/linux-client · https://www.vlan.cn

Security positives

No executable code/scripts present in the skill — pure documentation only
Skill does not declare any allowed tools beyond documented CLI commands
No environment variable access, no file writes, no network calls from skill code
The skill correctly recommends login-code authentication over password-in-command