Security Decision Report

rundev-local-dev

The skill describes a legitimate local dev tool but relies on dangerous curl|bash installation and requires opaque system-level modifications including permanent NOPASSWD sudo access.

Install-decision-first · Source: manual upload · Scan time: 2026/4/4
Files: 1
IOCs: 6
Privilege violations: 1
Findings: 5
Most direct threat evidence
01
User executes curl|bash installation command · Initial entry · SKILL.md
02
Remote server serves potentially malicious install.sh · Delivery · https://getrun.dev/install.sh
03
Install script executes with sudo privileges, creates NOPASSWD rule · Privilege escalation · install.sh (hidden)

Why this conclusion was reached

3 of 4 dimensions triggered
Block
Declared vs. actual capabilities

Found 1 capability beyond what is declared, or privilege-exceeding behavior.

Block
Hidden execution and outbound connections

Extracted 1 high-risk IOC or outbound-connection signal.

Block
Attack chain and high-risk findings

The report contains a 5-step attack chain, plus 3 high-risk or critical findings.

Review
Dependencies and supply-chain hygiene

No complete dependency information is available; the supply-chain judgment should be held tentatively.

Attack chain

01
User executes curl|bash installation command

Initial entry · SKILL.md:83

02
Remote server serves potentially malicious install.sh

Delivery · https://getrun.dev/install.sh:1

03
Install script executes with sudo privileges, creates NOPASSWD rule

Privilege escalation · install.sh (hidden):unknown

04
Binary installed to /usr/local/bin, iptables rules set up, hosts modified

Persistence · install.sh (hidden):unknown

05
Malicious binary with permanent sudo access runs with elevated privileges

Final impact · /usr/local/bin/rundev:unknown

How the risk score was driven up

Dangerous installation pattern (curl|bash) +25

Line 83: Remote script piped directly to bash, a classic supply chain attack vector

Undeclared NOPASSWD sudoers rule +15

Installer creates a passwordless sudo rule that is not declared as a capability (capability violation)

Opaque install.sh script +10

Install script contents are not visible, creating a hidden-functionality risk

Prebuilt binary without verification +5

Binary downloaded from remote URL, no source compilation or checksum verification

Key evidence

High · Supply chain

Dangerous curl|bash Installation Pattern

Line 83 executes remote script directly from getrun.dev without verification. This is a well-known attack vector where the remote server could serve different content per request, enabling supply chain compromise.

SKILL.md:83
Download the install script first with 'curl -fsSL https://getrun.dev/install.sh -o install.sh', review contents, then execute locally.
High · Privilege escalation

Undeclared Permanent Sudoers Rule

The installer creates a NOPASSWD sudoers rule for hosts management. This grants permanent elevated privileges without declaring it as a capability. This rule persists across reboots and could be abused.

SKILL.md:86
Review the sudoers rules installed. Consider using alternative privilege separation or requesting user confirmation for sudo access.
High · Documentation deception

Hidden Installation Script Contents

The SKILL.md describes what the installer does but the actual install.sh script contents are not visible. Users cannot verify what commands will actually execute, including potential data collection or additional downloads.

SKILL.md:84
Provide the full install.sh script content in the skill documentation for transparency and verification.
Medium · Supply chain

Unverified Prebuilt Binary Download

The installer downloads a prebuilt binary from getrun.dev with no checksum verification. An attacker compromising the domain could serve a malicious binary.

SKILL.md:85
Use the source-based installation: 'git clone && make install' to compile from verified source code.
Medium · Persistence

System-Level Persistence Mechanisms

Installer sets up persistent configurations: iptables NAT rules, pfctl anchors, hosts file modifications, and state persistence in state.json. These create multiple persistence vectors.

SKILL.md:86
Document all persistence mechanisms clearly and provide easy uninstall to remove all traces.

Declared capabilities vs. actual capabilities

Filesystem: pass (declared WRITE, inferred WRITE)
SKILL.md:80-85 - /usr/local/bin, /etc/hosts, ~/.config/rundev/
Command execution: pass (declared WRITE, inferred WRITE)
SKILL.md:83 - curl|bash execution
Network access: block (declared READ, inferred WRITE)
SKILL.md:83 - Downloads binary from getrun.dev
Environment variables: pass (declared NONE, inferred NONE)
No environment access declared or observed
Skill invocation: pass (declared NONE, inferred NONE)
No cross-skill invocation
Clipboard: pass (declared NONE, inferred NONE)
No clipboard access
Browser: pass (declared NONE, inferred NONE)
No browser automation
Database: pass (declared NONE, inferred NONE)
No database access

Suspicious artifacts and outbound connections

Critical · Dangerous command
curl -fsSL https://getrun.dev/install.sh | bash

SKILL.md:83

Medium · External URL
https://getrun.dev

SKILL.md:22

Medium · External URL
https://getrun.dev/install.sh

SKILL.md:83

Medium · External URL
https://api.myapp.local

SKILL.md:193

Medium · External URL
https://docs.anthropic.com/en/docs/claude-code

SKILL.md:257

Info · Email address
[email protected]

SKILL.md:21

Dependencies and supply chain

No structured dependency alerts.

File composition

1 file · 323 lines
Markdown: 1 file · 323 lines
Files needing attention · 1
SKILL.md · Markdown · 323 lines
Dangerous curl|bash Installation Pattern · Undeclared Permanent Sudoers Rule · Hidden Installation Script Contents · Unverified Prebuilt Binary Download · System-Level Persistence Mechanisms · curl -fsSL https://getrun.dev/install.sh | bash · https://getrun.dev · https://getrun.dev/install.sh · https://api.myapp.local · https://docs.anthropic.com/en/docs/claude-code · [email protected]

Security highlights

Full documentation of what the installer does (though script content is hidden)
Includes automatic rollback on failure
Network rules are localhost-only (127.0.0.1)
Explicit consent screen before system changes
Provides uninstall command to reverse all changes
Source code available on GitHub for verification (though not used by default install)