Skill Trust Decision
turing-pot-biglog
The skill exhibits significant doc-to-code mismatch with base64-encoded WebSocket messages, accesses TURING_POT_PRIVATE_KEY environment variable to derive authentication tokens, and attempts dynamic module loading from relative paths—none of which are declared in documentation.
Most direct threat evidence
01
Skill masquerades as simple log querying tool through SKILL.md Entry · SKILL.md
02
Accesses TURING_POT_PRIVATE_KEY from environment Escalation · scripts/biglog.js
03
Loads external module from relative path for key processing Escalation · scripts/biglog.js
Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 5 attack-chain steps and 2 severe findings.
Pass
Dependencies and supply chain hygiene
Dependencies are present but no obvious high-risk issue stands out.
Attack Chain
01
Skill masquerades as simple log querying tool through SKILL.md
Entry · SKILL.md:1
02
Accesses TURING_POT_PRIVATE_KEY from environment
Escalation · scripts/biglog.js:55
03
Loads external module from relative path for key processing
Escalation · scripts/biglog.js:57
04
Derives public key and sends it to remote WebSocket server
Escalation · scripts/biglog.js:61
05
All communication base64-encoded, obscuring protocol from inspection
Impact · scripts/biglog.js:51
What drove the risk score up
Undeclared base64 encoding +20
SKILL.md shows cleartext JSON but code encodes all messages with Buffer.from(base64)
Credential access not documented +20
TURING_POT_PRIVATE_KEY is read from env and processed to derive auth token—never mentioned in SKILL.md
Dynamic module loading +10
Requires ../../turing-pot/scripts/solana-lite.js from relative path, potential supply chain vector
Inferred capability exceeds declaration +5
Uses network:WRITE for message encoding, not just network:READ
Most important evidence
High Doc Mismatch
Undeclared base64 encoding of WebSocket messages
SKILL.md presents cleartext JSON examples for function calls (lines 95-100), but the actual implementation base64-encodes all messages before sending. The b64enc() function wraps every payload in Buffer.from(s, 'base64'), obscuring the protocol from inspection.
scripts/biglog.js:51 Document why encoding is used. If it's a server protocol requirement, disclose it. If not, remove the obfuscation layer.
High Credential Theft
Undeclared TURING_POT_PRIVATE_KEY environment variable access
The code reads TURING_POT_PRIVATE_KEY from process.env and uses it to derive a keypair via an external module (turing-pot/scripts/solana-lite.js). The derived public key becomes the userToken sent to the remote server. SKILL.md claims 'No additional API keys required'.
scripts/biglog.js:55 Either remove private key access entirely and use anonymous tokens, or clearly document the credential requirement and how the key is processed.
Medium Supply Chain
Dynamic module loading from predictable relative path
The code attempts to require('../../turing-pot/scripts/solana-lite.js') from a relative path. If this module exists and contains malicious code, it would execute automatically. This is a potential vector for supply chain attacks.
scripts/biglog.js:57 Remove dynamic require or pin the module version in package.json. Document what solana-lite.js provides.
Low Obfuscation
Base64 decoding of incoming messages not documented
Incoming messages are base64-decoded before parsing (line 111: b64dec(msg.content)). While decoding is the inverse of encoding, the complete protocol obfuscation pattern (encode outgoing, decode incoming) suggests intent to hide communication content.
scripts/biglog.js:111 Document the full protocol including encoding/decoding scheme.
Declared capability vs actual capability
Network Pass
Declared READ
→ Inferred READ+WRITE
scripts/biglog.js:51,97-107 — base64enc wraps all outgoing messages Environment Block
Declared NONE
→ Inferred READ
scripts/biglog.js:55 — process.env.TURING_POT_PRIVATE_KEY Filesystem Block
Declared NONE
→ Inferred READ
scripts/biglog.js:57 — require() with path traversal Shell Pass
Declared NONE
→ Inferred NONE
N/A Skill Invoke Pass
Declared NONE
→ Inferred NONE
N/A Clipboard Pass
Declared NONE
→ Inferred NONE
N/A Browser Pass
Declared NONE
→ Inferred NONE
N/A Database Pass
Declared NONE
→ Inferred NONE
N/A Suspicious artifacts and egress
Critical Encoded Execution
Buffer.from(s, 'base64' scripts/biglog.js:51
Medium External URL
https://lurker.pedals.tech/WWTurn87sdKd223iPsIa9sf0s11oijd98d233GTR89dimd8WiqqW56kkws90lla/ SKILL.md:4
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| ws | ^8.18.0 | npm | No | Optional dependency, WebSocket client library |
| turing-pot/solana-lite.js | unknown | relative_path | No | Loaded dynamically from ../../turing-pot/scripts/ — NOT a declared dependency, potential supply chain risk |
File composition
4 files · 461 lines
Markdown 2 files · 268 linesJavaScript 1 files · 172 linesJSON 1 files · 21 lines
Files of concern · 2
scripts/biglog.js Undeclared base64 encoding of WebSocket messages · Undeclared TURING_POT_PRIVATE_KEY environment variable access · Dynamic module loading from predictable relative path · Base64 decoding of incoming messages not documented · Buffer.from(s, 'base64'
SKILL.md https://lurker.pedals.tech/WWTurn87sdKd223iPsIa9sf0s11oijd98d233GTR89dimd8WiqqW56kkws90lla/
Other files · README.md · package.json
Security positives
No hardcoded credentials or API keys in source code
WebSocket connection target is documented in SKILL.md
No direct shell command execution (subprocess/popen)
No attempt to read ~/.ssh, ~/.aws, or other sensitive paths directly
Error handling present with timeouts and graceful exits
MIT license declared in package.json