AI Cluster Pre-flight Check Security Report — Low Risk | ClawSafe

10 /100

AI Cluster Pre-flight Check

Pre-flight check for GPU cluster nodes — 26 health checks covering GPU, PCIe, RDMA/IB, Docker, IOMMU, NUMA, firewall, and more

AI Cluster Pre-flight Check is a legitimate GPU cluster node health validation tool performing 26 read-only hardware/network diagnostics. No malicious behavior, credential harvesting, or covert data exfiltration found.

Skill NameAI Cluster Pre-flight Check

Duration54.4s

Enginepi

✓

Safe to install

No blocking action needed. The eval in check_1_25 should be documented explicitly, and dmidecode/iptables root requirements should be stated in SKILL.md for transparency.

Findings 2 items

Severity	Finding	Location
Low	eval on user-supplied SWITCH_CLI_CMD not declared Doc Mismatch check_1_25 uses eval to execute SWITCH_CLI_CMD directly from the environment. While this is user-supplied input (not injection), SKILL.md documents the SWITCH_* env vars as 'switch CLI command' without explicitly calling out the eval usage or potential for arbitrary command execution if the variable is set to unexpected values. `eval "$SWITCH_CLI_CMD"` → Document in SKILL.md that SWITCH_CLI_CMD is executed via eval; recommend using SWITCH_HOST + SWITCH_USER for safer SSH-based switch access instead.	`lib/checks.sh:272`
Low	Root privilege requirements not declared Doc Mismatch Several checks invoke commands that typically require root (dmidecode, iptables, setpci, ibstat, perfquery, mlxlink). SKILL.md does not document that root or sudo access is needed for full coverage. `dmidecode -t bios 2>/dev/null \| head -30` → Add a 'Requirements' section noting that root privileges are needed for checks 1.14, 1.16, 1.19, 1.20, 1.21 to pass fully.	`lib/checks.sh:213`

Resource	Declared	Inferred	Status	Evidence
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md declares 'bash' as required binary; preflight.sh uses bash to invoke GP…
Filesystem	`READ`	`READ`	✓ Aligned	Reads /proc/cmdline, /sys/class/net, /sys/class/infiniband, /sys/module; touch/r…
Network	`READ`	`READ`	✓ Aligned	Cross-node SSH and ping checks declared in SKILL.md; cross-node section of check…
Environment	`NONE`	`READ`	✓ Aligned	Reads PREFLIGHT_, MOUNT_POINT, SWITCH_ env vars — all declared in SKILL.md env…
Clipboard	`NONE`	`NONE`	—	Not used
Browser	`NONE`	`NONE`	—	Not used
Database	`NONE`	`NONE`	—	Not used
Skill Invoke	`NONE`	`NONE`	—	Not used

3 findings

🔗

Medium External URL 外部 URL

https://clusterready.xperf.ai/

SKILL.md:19

🔗

Medium External URL 外部 URL

https://xperf.ai/

SKILL.md:24

📧

Info Email 邮箱地址

[email protected]

SKILL.md:138

File Tree

5 files · 30.7 KB · 957 lines

Shell 4f · 819L Markdown 1f · 138L

├─ ▾ 📁 lib

│ ├─ 🔧 checks.sh Shell 443L · 12.9 KB

│ ├─ 🔧 helpers.sh Shell 58L · 2.0 KB

│ └─ 🔧 parser.sh Shell 112L · 3.9 KB

├─ 🔧 preflight.sh Shell 206L · 6.3 KB

└─ 📝 SKILL.md Markdown 138L · 5.5 KB

Security Positives

✓ No credential harvesting — does not access ~/.ssh, ~/.aws, .env, or iterate os.environ for secrets

✓ No data exfiltration — all output is diagnostic; JSON results printed to stdout for the calling agent

✓ No obfuscation — all shell scripts are plain text, no base64, no eval-of-encoded strings

✓ Docker pulls from official nvidia/cuda and rocm/rocm-terminal images — known-good sources

✓ Cross-node capabilities (SSH, ping) are explicitly declared in the check catalog and documentation

✓ Skippable failure classification is a thoughtful UX feature that reduces false positives

✓ No remote script execution (no curl|bash, wget|sh patterns)

✓ No supply chain risks — no external dependencies beyond bash, jq, and system tools

Scan Report

Findings 2 items

File Tree

Security Positives