github analyzed d959d85

trynullsec/nullsec-s1

github

Security-native LLM system for AI-generated application security.

maintainer: trynullsec
license: —
first seen: 2026-06-04
last seen: 2026-06-04
releases · 30d: 1
short id

Drift inferred · capture-to-capture

No drift recorded — single capability capture; advisories appear once its surface changes.

capabilities 0 tools

transport stdio · http · sse counts 0 tools · 0 res · 0 prompts permission surface via code analysis

No tools enumerated yet for this server.

skills & danger signals github-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit d959d85 · analyzer v20 · 16h ago

danger signals7

suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch2.py:46exploit="url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ leaks cloud creds.",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p1.py:135exploit="image_url=http://169.254.169.254/latest/meta-data/ reaches cloud metadata; GitLab's image pipeline (CVE-2021-22205) shows the class of server-side fetch/processing risk.",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_sup.py:16exploit="target=http://169.254.169.254/ probes cloud metadata; same SSRF class as the GitLab image fetch (CVE-2021-22205).",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p2.py:280exploit="endpoint=http://169.254.169.254/ or internal admin URL is reachable from the server.",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p3.py:136exploit="The agent fetches http://169.254.169.254/ via the tool, leaking cloud metadata.",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p3.py:16exploit="url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ reaches cloud metadata from the server.",
suspicious endpoint169.254.169.254 (cloud metadata)trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_p3.py:43exploit="u=http://169.254.169.254/ reaches cloud metadata from the server.",

code evidence vv1.0.0-rc25 · github-tarball

evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 43

fs trynullsec-nullsec-s1-d959d85/cli/nullsec1.py :17 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/inference.py :15 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/core/engine.py :18 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/core/prompts.py :7 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/core/version.py :21 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/ingest/import_cve.py :22 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/ingest/import_scanners.py :27 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/nullsec/safety/alignment.py :22 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/scripts/_artifacts.py :15 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/scripts/model_arena.py :15 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/scripts/release_candidate.py :30 import shutil
fs trynullsec-nullsec-s1-d959d85/scripts/validate_claims.py :20 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/serving/server.py :30 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/taxonomy/__init__.py :10 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/_ingest_store.py :18 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/curate_ingested.py :30 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/dataset_stats.py :18 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/ingestion_stats.py :19 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/preflight_train.py :29 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/prepare_dataset.py :24 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/release_threshold.py :23 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch1.py :18 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch2.py :84 code="def unpack(tar_path, dest):\n tarfile.open(tar_path).extractall(dest)\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch3.py :105 with out.open("w", encoding="utf-8") as fh:
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch4.py :115 with out.open("w", encoding="utf-8") as fh:
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch5.py :60 code="@tool('read')\ndef read(path: str):\n return open(path).read()\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch6.py :58 with out.open("w", encoding="utf-8") as fh:
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p1.py :133 code="image = open(params[:image_url]) # fetches a user-supplied URL server-side\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p3.py :132 code="@tool('write')\ndef write(path:str, content:str):\n open(path,'w').write(content)\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_stage.py :13 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p2.py :91 code="@app.post('/avatar')\nasync def avatar(f: UploadFile):\n open(f'static/{f.filename}','wb').write(await f.read())\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p3.py :74 code="@mcp.tool()\ndef read_file(path: str) -> str:\n return open(path).read()\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_stage.py :12 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p2.py :98 code="@app.post('/img')\nasync def img(f: UploadFile):\n if not f.filename.endswith(('.png','.jpg','.svg')): raise HTTPException(415)\n open(f'static/{f.filename}','wb').write(await f.read())\n"
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p3.py :148 patch="- subprocess.run(f'pg_dump {db_name} > /backups/{db_name}.sql', shell=True)\n+ if not re.match(r'^[A-Za-z0-9_]+$', db_name): raise HTTPException(400)\n+ with open(f'/backups/{db_name}.
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p4.py :24 code="@mcp.tool()\ndef delete_path(path: str):\n shutil.rmtree(path, ignore_errors=True)\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_stage.py :12 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_p2.py :79 code="if f.mimetype == 'image/svg+xml':\n open(f'static/{f.filename}','wb').write(f.read())\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_p4.py :44 code="@mcp.tool()\ndef read_doc(name: str):\n return open(os.path.join(DOCS, name)).read()\n",
fs trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_stage.py :12 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/synthesize_corpus.py :26 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/train_qlora.py :33 from pathlib import Path
fs trynullsec-nullsec-s1-d959d85/training/validate_corpus.py :25 from pathlib import Path

shell / exec 10

shell trynullsec-nullsec-s1-d959d85/training/preflight_train.py :49 import subprocess
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch1.py :106 code="@app.route('/ping')\ndef ping():\n host = request.args['host']\n return os.popen('ping -c1 ' + host).read()\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch5.py :49 code="@tool('shell')\ndef shell(cmd: str):\n return subprocess.run(cmd, shell=True, capture_output=True).stdout\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p1.py :194 code="def convert(name):\n subprocess.call('convert ' + name + ' out.png', shell=True)\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p3.py :112 code="@tool('exec')\ndef exec_(cmd:str): return subprocess.run(cmd, shell=True, capture_output=True).stdout\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p3.py :84 code="@mcp.tool()\ndef run(command: str) -> str:\n return subprocess.check_output(command, shell=True, text=True)\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p3.py :98 code="@app.post('/doc2pdf')\ndef d(name: str):\n os.system(f'pandoc {name} -o {name}.pdf')\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p4.py :14 code="@mcp.tool()\ndef execute(cmd: str) -> str:\n return os.popen(cmd).read()\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_reject.py :24 code="os.system('ping ' + request.args['h'])\n",
shell trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_p3.py :70 code="@app.post('/deploy')\ndef deploy(branch: str):\n os.system(f'git checkout {branch} && ./deploy.sh')\n",

network 9

net trynullsec-nullsec-s1-d959d85/scripts/model_arena.py :17 from urllib.error import HTTPError, URLError
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch2.py :43 code="@app.post('/preview')\ndef preview():\n return requests.get(request.json['url'], timeout=5).text\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p1.py :143 code="@app.post('/hook')\ndef hook():\n return requests.post(request.json['callback'], json={}).text\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_sup.py :14 code="@app.get('/meta')\ndef meta():\n return requests.get(request.args['target']).headers.get('Server','')\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p2.py :269 code="@app.post('/avatar/import')\ndef imp(url: str):\n img = requests.get(url).content\n return store(img)\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p3.py :134 code="@mcp.tool()\ndef http_get(url: str):\n return requests.get(url).text\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p3.py :23 code="@app.post('/import')\ndef imp(url: str):\n return {'data': requests.get(url, allow_redirects=True).json()}\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_p4.py :24 code="@mcp.tool()\ndef post_data(url: str, payload: str):\n return requests.post(url, data=payload).status_code\n",
net trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint005_cases_reject.py :14 code="requests.get(request.args['u'])\n",

secrets 4

secrets trynullsec-nullsec-s1-d959d85/inference.py :127 ap.add_argument("--max-new-tokens", type=int, default=int(os.environ.get("NULLSEC_MAX_NEW_TOKENS", "1536")))
secrets trynullsec-nullsec-s1-d959d85/scripts/model_arena.py :132 api_key = os.environ.get("ANTHROPIC_API_KEY")
secrets trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p2.py :38 patch="-app.secret_key = 'dev'\n+app.secret_key = os.environ['FLASK_SECRET_KEY'] # strong random per-env",
secrets trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p1.py :192 patch="-SENDGRID_API_KEY = 'SG.EXAMPLE.realLookingKey'\n+SENDGRID_API_KEY = os.environ['SENDGRID_API_KEY'] # rotate exposed key",

declared dependencies 15

pydantic@>=2.6
jsonschema@>=4.21
fastapi@>=0.110
uvicorn@>=0.29
pyyaml@>=6.0
torch@>=2.3
transformers@>=4.44
peft@>=0.11
trl@>=0.9
bitsandbytes@>=0.43
datasets@>=2.19
accelerate@>=0.30
sentencepiece@>=0.2
pytest@>=8.0
httpx@>=0.27

obfuscation 11

dynamic require()/import() trynullsec-nullsec-s1-d959d85/nullsec/core/engine.py :22 from nullsec.safety import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/nullsec/safety/__init__.py :17 from nullsec.safety.alignment import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/scripts/release_candidate.py :39 from benchmarks.metrics import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/serving/server.py :41 from nullsec.core.version import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/curate_ingested.py :35 from training._ingest_store import ( # noqa: E402
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/ingestion_stats.py :24 from training._ingest_store import ( # noqa: E402
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/preflight_train.py :9 2. The GPU training dependencies import (torch, transformers, peft, trl,
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/prepare_dataset.py :31 from nullsec.safety import ( # noqa: E402
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch2.py :6 from training.sprint_data.sprint001_batch1 import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch3.py :6 from training.sprint_data.sprint001_batch1 import (
dynamic require()/import() trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch6.py :6 from training.sprint_data.sprint001_batch1 import (

perm:untrusted 5

untrusted trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint001_batch2.py :43 code="@app.post('/preview')\ndef preview():\n return requests.get(request.json['url'], timeout=5).text\n",
untrusted trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint002_cases_p1.py :143 code="@app.post('/hook')\ndef hook():\n return requests.post(request.json['callback'], json={}).text\n",
untrusted trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p2.py :269 code="@app.post('/avatar/import')\ndef imp(url: str):\n img = requests.get(url).content\n return store(img)\n",
untrusted trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint003_cases_p3.py :134 code="@mcp.tool()\ndef http_get(url: str):\n return requests.get(url).text\n",
untrusted trynullsec-nullsec-s1-d959d85/training/sprint_data/sprint004_cases_p3.py :23 code="@app.post('/import')\ndef imp(url: str):\n return {'data': requests.get(url, allow_redirects=True).json()}\n",