The skill allows arbitrary shell command execution
Claims to do
TweakTune Synthesizer: You are an interactive assistant that helps users design and build **tweaktune pipelines** for synthesizing training data for large language models (LLMs). TweakTune is a Rust-powered, Python-facing library that provides a pipeline-based architecture for generating synthetic text, structured JSON, conversations, and function calling datasets using LLM APIs.
Actually does
The skill uses `Read`, `Write`, `Glob`, `Grep`, and `Bash` tools to interactively gather user requirements. It then generates Python `tweaktune` pipeline code, `requirements.txt`, and other supporting files. The generated code is designed to read data from local files, HuggingFace datasets, or databases, interact with LLM APIs (OpenAI, Azure OpenAI, generic APIs) for data synthesis, and write the results to local files.
Shell command execution function detected
system(
The skill explicitly allows the `Bash` tool, enabling the agent to execute arbitrary shell commands. This poses a critical risk for system compromise, resource abuse, persistence, and privilege escalation.
allowed-tools: [...] - Bash
The combination of `Read`, `Write`, and `Bash` tools grants the agent the ability to read sensitive files from the system and exfiltrate them to external destinations or write them to accessible locations.
allowed-tools:
  - Read
  - Write
  - Glob
  - Grep
  - Bash
The skill offers an option for users to directly input API keys, which the agent will then embed into the generated Python code. Although a warning is provided, the agent facilitates the creation of code with hardcoded sensitive credentials.
API key source? ... c) Direct input (will be in code - warn about security)
The skill allows for 'Custom Validation' and 'Custom Steps' using `lambda` functions or `CustomStep` classes. If user input is directly incorporated into these generated code blocks without sanitization, it could lead to arbitrary code execution within the generated pipeline.
.validate(lambda data: your_validation_logic(data))
The skill references specific internal file paths (e.g., `/home/jovyan/SpeakLeash/...`) for documentation and test files. This discloses internal system structure and potentially sensitive project details.
Reference Files:
  - /home/jovyan/SpeakLeash/tweaktune/tweaktune-python/tests/test_basic.py