Skill Trust Decision

gangtise-kb

Name: gangtise-kb Trust Review Report
Item: gangtise-kb
Rating: 28
Author: ClawSafe

Skill contains multiple critical security issues: disabled SSL verification enabling MITM attacks, undeclared subprocess execution, and references to a non-existent binary file.

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 7

Artifacts 1

Violations 2

Findings 6

Most direct threat evidence

Critical RCE

Undeclared subprocess execution with missing binary

gangtise_kb_skill.py uses subprocess.run() to execute gangtise-kb/gangtise-kb.py which does not exist in the file tree. This creates a security blind spot where arbitrary code could be injected.

gangtise_kb_skill.py:41

Why this conclusion was reached

2/4 dimensions flagged

Block

Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

1 lower-risk artifacts were extracted and still need context.

Block

Attack chain and severe findings

The report includes 4 attack-chain steps and 4 severe findings.

Review

Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

User installs skill following SKILL.md documentation

Entry · SKILL.md:1

Disabled SSL verification allows MITM interception of credentials

network · scripts/get_token.py:51

subprocess execution of non-existent binary

Escalation · gangtise_kb_skill.py:41

Potential credential theft through MITM attack

Impact · scripts/get_token.py:51

What drove the risk score up

Disabled SSL certificate verification +35

All network scripts use ssl.CERT_NONE allowing MITM attacks on credential transmission

Undeclared subprocess execution +20

gangtise_kb_skill.py uses subprocess to call gangtise-kb/gangtise-kb.py, not mentioned in SKILL.md

Missing binary file +10

Code references gangtise-kb/gangtise-kb.py which does not exist in the file tree

Real credentials in config.json +7

Production API keys present in config.json file

Most important evidence

Critical RCE

Undeclared subprocess execution with missing binary

gangtise_kb_skill.py uses subprocess.run() to execute gangtise-kb/gangtise-kb.py which does not exist in the file tree. This creates a security blind spot where arbitrary code could be injected.

gangtise_kb_skill.py:41

Document subprocess usage in SKILL.md or remove this wrapper entirely if the binary is not part of the skill package

Critical Data Exfil

SSL certificate verification disabled on all API calls

All scripts disable SSL verification using ssl.CERT_NONE or _create_unverified_context(). This allows Man-in-the-Middle attacks to intercept credentials and API responses.

get_token.py:51

Use default SSL context with proper certificate verification, or pin certificates if required

Critical Data Exfil

SSL verification disabled in query script

query_kb.py also disables SSL verification at line 69-71, creating same MITM vulnerability.

scripts/query_kb.py:69

Remove SSL verification bypass

High Data Exfil

SSL verification disabled in temp_query.py

temp_query.py uses ssl._create_unverified_context() for all HTTPS requests.

scripts/temp_query.py:15

Remove SSL verification bypass

Medium Doc Mismatch

SKILL.md does not declare shell execution capability

The main skill file gangtise_kb_skill.py uses subprocess to execute external binaries, but SKILL.md only documents Bash scripts for configuration. No mention of Python subprocess usage.

gangtise_kb_skill.py:41

Document all execution methods in SKILL.md capabilities section

Medium Priv Escalation

Temporary file creation with cleanup race condition

gangtise_kb_skill.py creates temporary files in /tmp and relies on os.unlink() for cleanup. This could expose sensitive data if deletion fails or during crash scenarios.

gangtise_kb_skill.py:45

Use delete=True or handle file cleanup more securely

Declared capability vs actual capability

Filesystem Block

Declared NONE

→

Inferred WRITE

gangtise_kb_skill.py:45 writes temp files

Network Pass

Declared READ

→

Inferred READ

API calls to open.gangtise.com in all scripts

Shell Block

Declared NONE

→

Inferred WRITE

gangtise_kb_skill.py:41-55 uses subprocess.run()

Suspicious artifacts and egress

Medium External URL

https://open.gangtise.com

SKILL.md:18

Dependencies and supply chain

There are no structured dependency warnings.

File composition

7 files · 781 lines

Python 5 files · 576 linesMarkdown 1 files · 201 linesJSON 1 files · 4 lines

Files of concern · 6

scripts/get_token.py Python · 98 lines

config.json JSON · 4 lines

scripts/query_kb.py Python · 195 lines

SSL verification disabled in query script

SKILL.md Markdown · 201 lines

https://open.gangtise.com

scripts/temp_query.py Python · 101 lines

SSL verification disabled in temp_query.py

gangtise_kb_skill.py Python · 87 lines

Undeclared subprocess execution with missing binary · SKILL.md does not declare shell execution capability · Temporary file creation with cleanup race condition

Other files · configure.py

Security positives

Credentials stored with restrictive permissions (0o600) by configure.py

Proper input validation and error handling in authentication flow

Clear documentation of API endpoints in SKILL.md

Credentials are not hardcoded in scripts, loaded from config.json