安全决策报告
VLAN Linux Client Skill
Skill instructs users to pipe a remote script from an unverified source into bash with SSL verification disabled (-k flag), enabling trivial man-in-the-middle attack and arbitrary code execution on the target system.
最直接的威胁证据
严重 供应链
Remote script piped to bash without integrity verification The skill's primary installation method is 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh'. This fetches and executes arbitrary code from a remote HTTP(S) endpoint with no checksum, GPG signature, or content inspection. An attacker who intercepts the request (especially with -k disabling cert validation) can inject arbitrary code running as root.
SKILL.md:17 为什么得出这个结论
2/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
阻止
隐藏执行与外联
提取到 2 个高危 IOC 或外联信号。
阻止
攻击链与高危发现
报告包含 4 步攻击链,另有 3 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
攻击链
01
Attacker performs MITM on network path to dl.vlan.cn or compromises the domain
delivery · SKILL.md:17
02
Attacker serves a malicious install.sh script instead of the legitimate one
exploitation · SKILL.md:17
03
User executes 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh' — malicious script runs as root
权限提升 · SKILL.md:17
04
Attacker gains full root access: backdoor installation, credential theft, persistence, lateral movement
最终危害 · SKILL.md:17
风险分是怎么被拉高的
Remote script piped to shell +40
SKILL.md documents 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh' as the primary installation method — no checksum, no GPG verification, arbitrary code execution
SSL verification disabled (-k flag) +20
The -k flag disables SSL certificate verification, making the curl|sh chain trivially interceptable via MITM, compounding the remote execution risk
Destructive command in documentation +10
SKILL.md line 193 references 'rm -rf /' — a destructive command; this could be accidental but adds to the concerning pattern
最关键的证据
严重 供应链
Remote script piped to bash without integrity verification
The skill's primary installation method is 'curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh'. This fetches and executes arbitrary code from a remote HTTP(S) endpoint with no checksum, GPG signature, or content inspection. An attacker who intercepts the request (especially with -k disabling cert validation) can inject arbitrary code running as root.
SKILL.md:17 Remove the curl|sh installation method entirely. If installation guidance is needed, provide distribution-package install commands (apt, yum, dnf) or direct the user to download a binary with a published checksum and GPG signature.
严重 供应链
SSL certificate verification disabled in installation command
The -k flag in curl disables SSL certificate verification. Combined with piping to sh, this creates a trivially exploitable MITM + RCE chain. An attacker on the network path can serve a malicious install script that compromises the system.
SKILL.md:17 Remove the -k flag. Use HTTPS with proper certificate validation and add SHA256/checksum verification of the downloaded artifact before execution.
高危 凭证窃取
Encourages passing passwords as plaintext command-line arguments
The skill documents 'vlancli login <username> <password>' which exposes credentials in process arguments (visible in ps, shell history, and /proc). The 'recommended' login code method is better but the password method is still presented as a valid option.
SKILL.md:26 Remove the password-as-argument login example entirely. Only document interactive or environment-variable-based credential passing methods.
中危 文档欺骗
Dangerous shell command reference in documentation body
SKILL.md line 193 contains 'rm -rf /' — a destructive filesystem operation. While this is likely a documentation artifact or mistake, it is extremely dangerous if the LLM reproduces it verbatim in responses.
SKILL.md:193 Remove or correct the 'rm -rf /' reference. Use specific, safe path examples (e.g., 'sudo rm -rf /usr/local/vlan') as shown elsewhere in the same document.
声明能力 vs 实际能力
没有检测到能力矩阵。
可疑产物与外联
严重 危险命令
curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh README.md:17
严重 危险命令
rm -rf / SKILL.md:193
中危 外部 URL
http://dl.vlan.cn/vlan2.0/linux/install.sh README.md:17
中危 外部 URL
https://www.vlan.cn/guide/linux-client README.md:56
中危 外部 URL
https://www.vlan.cn README.md:57
依赖与供应链
没有结构化依赖告警。
文件构成
2 个文件 · 257 行
Markdown 2 个文件 · 257 行
需关注文件 · 2
SKILL.md Remote script piped to bash without integrity verification · SSL certificate verification disabled in installation command · Encourages passing passwords as plaintext command-line arguments · Dangerous shell command reference in documentation body · rm -rf /
README.md curl -kfsSL http://dl.vlan.cn/vlan2.0/linux/install.sh | sh · http://dl.vlan.cn/vlan2.0/linux/install.sh · https://www.vlan.cn/guide/linux-client · https://www.vlan.cn
安全亮点
No executable code/scripts present in the skill — pure documentation only
Skill does not declare any allowed tools beyond documented CLI commands
No environment variable access, no file writes, no network calls from skill code
The skill correctly recommends login-code authentication over password-in-command