Skill Trust Decision

varg-ai

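A remote-script execution command appears in the install prompt; it is never actually executed, but there is a gap between documentation and behavior. The chmod permission declaration is overly broad, though it is not actually used beyond its stated purpose. Overall this is a legitimate AI video generation tool, with no evidence of malicious intent.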

Install decision first Source: Manual upload Scanned: Apr 3, 2026
Files 13
Artifacts 30
Violations 0
Findings 3
Most direct threat evidence
Critical Dangerous Command
curl -fsSL https://bun.sh/install | bash

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Pass
Attack chain and severe findings

There is no explicit malicious chain in the report.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

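Remote script piped to shell (not executed) +25

scripts/setup.sh:187 displays curl -fsSL https://bun.sh/install | bash; SKILL.md does not clearly state that local rendering requires installing via a remote script

Broad permission declaration +15

Bash(chmod:*) allows arbitrary file permission changes, but the code only uses chmod 600 ~/.varg/credentials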

Most important evidence

Medium

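Prompt to pipe a remote script into a shell

Line 187 of setup.sh prompts the user to run curl -fsSL https://bun.sh/install | bash, which pipes a remote script directly into bash. Although the command is not actually executed (it is only printed via echo), SKILL.md does not clearly describe how bun is installed or the associated risk.

scripts/setup.sh:187
Install bun with a package manager (e.g. brew install bun), or download the script and review it before running it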
Low

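Overly broad chmod permission declaration

SKILL.md declares Bash(chmod:*), which allows changing the permissions of any file. In practice, only chmod 600 is used, to set the permissions of the credentials file.

SKILL.md:18
Narrow to Bash(chmod:600), or state explicitly the scenarios in which chmod is needed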
Info

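Credentials file write operation

Both setup.ts and setup.sh write the API key to ~/.varg/credentials, a path in the user's home directory, which is a reasonable requirement for a BYOK tool.

scripts/setup.ts:34
No change needed; keep the credentials file secure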

Declared capability vs actual capability

Filesystem Pass
Declared WRITE
Inferred WRITE
SKILL.md declares Read/Write/Edit; setup.ts writes to ~/.varg/credentials
Network Pass
Declared READ
Inferred READ
Only uses curl to call the varg.ai API; no other network behavior
Shell Pass
Declared WRITE
Inferred WRITE
Uses Bash to invoke bun/curl/npx; permissions match usage
Environment Pass
Declared READ
Inferred READ
Only reads declared env keys such as VARG_API_KEY

Suspicious artifacts and egress

Critical Dangerous Command
curl -fsSL https://bun.sh/install | bash

scripts/setup.sh:187

Medium External URL
https://app.varg.ai/api/auth/cli/send-otp

SKILL.md:76

Medium External URL
https://app.varg.ai/api/auth/cli/verify-otp

SKILL.md:83

Medium External URL
https://api.varg.ai/v1/balance

SKILL.md:103

Medium External URL
https://app.varg.ai/api/billing/checkout

SKILL.md:134

Medium External URL
https://app.varg.ai

SKILL.md:137

Medium External URL
https://checkout.stripe.com/...

SKILL.md:140

Medium External URL
https://app.varg.ai/dashboard**

SKILL.md:144

Medium External URL
https://render.varg.ai/api/render

SKILL.md:173

Medium External URL
https://render.varg.ai/api/render/jobs/JOB_ID

SKILL.md:179

Medium External URL
https://api.varg.ai/v1/image

SKILL.md:219

Medium External URL
https://fal.ai/dashboard/keys

references/byok.md:32

Dependencies and supply chain

There are no structured dependency warnings.

File composition

13 files · 3833 lines
Markdown 11 files · 3397 lines
TypeScript 1 files · 233 lines
Shell 1 files · 203 lines
Files of concern · 9
references/templates.md Markdown · 490 lines
https://render.varg.ai/api/render/jobs/$JOB_ID
references/components.md Markdown · 459 lines
https://s3.varg.ai/logos/brand.png
references/recipes.md Markdown · 353 lines
https://s3.varg.ai/clients/birthday/portrait.jpg
SKILL.md Markdown · 301 lines
Overly broad chmod permission declaration · https://app.varg.ai/api/auth/cli/send-otp · https://app.varg.ai/api/auth/cli/verify-otp · https://api.varg.ai/v1/balance · https://app.varg.ai/api/billing/checkout · https://app.varg.ai · https://checkout.stripe.com/... · https://app.varg.ai/dashboard** · https://render.varg.ai/api/render · https://render.varg.ai/api/render/jobs/JOB_ID · https://api.varg.ai/v1/image
references/gateway-api.md Markdown · 459 lines
https://api.varg.ai/v1 · https://s3.varg.ai/uploads/character.png · https://s3.varg.ai/o/abc123.mp4 · https://render.varg.ai · https://s3.varg.ai/renders/1710345600_abc123.mp4 · https://s3.varg.ai/cache/def456.png
scripts/setup.ts TypeScript · 233 lines
Credentials file write operation · https://api.varg.ai
scripts/setup.sh Shell · 203 lines
Prompt to pipe a remote script into a shell · curl -fsSL https://bun.sh/install | bash · https://bun.sh/install
references/byok.md Markdown · 182 lines
https://fal.ai/dashboard/keys · https://elevenlabs.io/app/settings/api-keys · https://higgsfield.ai · https://replicate.com/account/api-tokens · https://api.varg.ai/v1/speech
references/cloud-render.md Markdown · 166 lines
https://jqlang.github.io/jq/ · https://s3.varg.ai/renders/xxx.mp4 · https://render.varg.ai/api/render/jobs/JOB_ID/stream
Other files · prompting.md · models.md · common-errors.md

Security positives

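No credential harvesting or data exfiltration behavior
API keys are handled properly (referenced via variables rather than in plaintext)
Credentials are stored only in the local ~/.varg/ directory
Remote curl calls all go to trusted official varg.ai APIs
Code structure is clear, with no obfuscation or hidden logic
The dangerous command in setup.sh is only an informational prompt and is not actually executed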