Low Risk — Risk Score 25/100
Last scan: 2 days ago
pbd-cli
Command-line tool for PaleBlueDot AI Platform — authentication, API token management, usage/balance queries, and model browsing.
This is a CLI tool wrapper skill for 'pbd-cli' that presents a legitimate credentialed API client, though its `curl|bash` remote script execution pattern carries a documented inherent risk.
Skill Name: pbd-cli
Duration: 50.7s
Engine: pi
Safe to install
Before installation, verify the install.sh script content at the GitHub source. Prefer downloading the binary release artifact directly rather than piping remote scripts into bash. Audit the binary for network behavior before granting it credential access.

Findings 5 items

Severity Finding Location
High
Unverified remote script execution via curl|bash
The installation command fetches and executes a remote shell script without any integrity check (no hash, no signature, no pinned version). If the GitHub repository or the script path is compromised or redirected, arbitrary code executes on the host. This is a well-known supply-chain attack vector.
curl -sSL https://raw.githubusercontent.com/PaleBlueDot-AI-Open/pbd-cli/main/install.sh | bash
→ Replace with a direct binary download + checksum verification, or document a pinned version/commit hash. For example: download the release .tar.gz from GitHub Releases, verify its SHA-256 against a hardcoded value, then extract.
SKILL.md:21
Medium
Missing allowedTools declaration in skill metadata
The SKILL.md metadata block does not declare any allowedTools. Per the capability model, tools map to resource access levels (Bash→shell:WRITE, Read→filesystem:READ, etc.). The absence prevents security auditors from determining what the skill can actually do at the tool level.
metadata: requires: bins: ["pbd-cli"]
→ Add an allowedTools array to metadata, e.g., allowedTools: ["Bash", "Read"] to declare the tool access this skill exercises.
SKILL.md:1
Medium
Credential storage in plaintext config file
Session cookies and optional API keys are stored in ~/.pbd-cli/config.yaml with 0600 permissions. While 0600 is correct per the doc, the config contains plaintext credentials. Any host compromise or privilege escalation would expose these tokens.
cookie: session=xxx
api_key: ""  # Optional
→ Document that API keys should be scoped to minimal permissions. Consider recommending OS-level credential storage (e.g., keychain, pass) instead of a file-based approach.
SKILL.md:286
Low
Local HTTP server listening on dynamic port range
Browser login flow starts a local HTTP server on ports 8080-8090 to receive OAuth callbacks. This exposes a local service and could conflict with other applications.
Starts local HTTP server listening for callback (port 8080-8090 auto-select)
→ Document that the port range is bounded and the server only accepts callbacks from localhost. Ensure the server shuts down cleanly on timeout.
SKILL.md:93
Low
No source code or binary available for audit
The skill package contains only documentation (SKILL.md). The actual implementation is the 'pbd-cli' binary fetched from GitHub. Without source code or a reproducible build, the binary behavior cannot be independently audited.
bins: ["pbd-cli"]
→ If possible, reference a source code repository or build-from-source instructions. Pinned release artifacts with reproducible builds would improve trust.
SKILL.md:1
Resource Declared Inferred Status Evidence
Filesystem NONE READ ✓ Aligned SKILL.md:285 — stores config to ~/.pbd-cli/config.yaml
Network NONE READ ✓ Aligned SKILL.md:21,93 — curl fetch + API calls to palebluedot.ai domains
Shell NONE WRITE ✗ Violation SKILL.md:21 — curl install.sh piped to bash for binary installation
Browser NONE READ ✓ Aligned SKILL.md:82 — 'pbd-cli login' auto-opens browser for OAuth callback
Environment NONE NONE No environment variable access observed; --base-url flag provides URL override w…
Skill Invoke NONE NONE No nested skill invocations declared
1 Critical 5 findings
Critical Dangerous Shell Command
curl -sSL https://raw.githubusercontent.com/PaleBlueDot-AI-Open/pbd-cli/main/install.sh | bash
SKILL.md:21
Medium External URL
https://open.palebluedot.ai
SKILL.md:87
Medium External URL
https://www.palebluedot.ai/login?redirect_uri=http://localhost:
SKILL.md:93
Medium External URL
https://www.palebluedot.ai/login?redirect_uri=...
SKILL.md:102
Medium External URL
https://www.palebluedot.ai
SKILL.md:296

File Tree

1 file · 6.6 KB · 309 lines
Markdown 1f · 309L
└─ 📝 SKILL.md Markdown 309L · 6.6 KB

Dependencies 2 items

Package Version Source Known Vulns Notes
pbd-cli latest (unpinned) GitHub Releases (PaleBlueDot-AI-Open/pbd-cli) No Binary fetched via curl|bash with no integrity verification. No known CVEs found, but binary is not auditable from this package.
curl system system binary No Used to download install script — inherited vulnerabilities in curl could affect integrity of downloaded content.

Security Positives

✓ All functionality is clearly documented with examples; no hidden behavior identified in the skill package itself
✓ Config file uses 0600 permissions, preventing other users from reading credentials
✓ OAuth browser-based login flow is a reasonable authentication pattern
✓ Manual login mode (--manual) allows offline credential entry without browser dependency
✓ Session timeout and callback timeout are documented (5-minute wait)
✓ No evidence of credential exfiltration, base64/eval tricks, or suspicious network activity in the skill documentation
✓ No iteration over os.environ for credential harvesting observed
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive host paths in the documented behavior