The model deployment skill allows remote code execution and uses unpinned dependencies, posing significant supply chain risks.
Claims to do:
Model Deployment: Deploy LLMs to production with optimal performance.
Actually does:
This skill provides code examples and instructions for deploying Large Language Models (LLMs) using tools like vLLM, Text Generation Inference (TGI), Ollama, and a custom FastAPI server. It demonstrates installing these tools, starting local servers, querying their HTTP endpoints (e.g., `http://localhost:8000`, `http://localhost:8080`, `http://localhost:11434`), and downloading models like `meta-llama/Llama-2-7b-chat-hf` from Hugging Face. It also includes examples for Docker, Kubernetes, optimization techniques, and Prometheus monitoring.
Remote code download and execution detected:
    curl -fsSL https://ollama.ai/install.sh | sh
Unpinned dependency installation (package installed without version pinning):
    pip install vllm
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/pluginagentmarketplace/custom-plugin-ai-engineer/model-deployment