llm-monitoring-dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the 'Tokuin CLI' by piping a remote script directly into the bash shell (`curl -fsSL https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh | bash`). This provides the remote script with full execution privileges on the host system without prior verification. This is also suggested for Windows environments via PowerShell's `iex` command.
- [COMMAND_EXECUTION]: The skill sets up multiple persistence mechanisms using `crontab`. It schedules recurring tasks to collect metrics every 5 minutes, generate weekly reports every Monday, and check for cost alerts every hour. These background processes run generated scripts that execute various shell and Python commands.
- [COMMAND_EXECUTION]: In the `collect-metrics.sh` script, shell variables containing data from external tool outputs are interpolated directly into a Python heredoc (`result = json.loads('''${RESULT}''')`). This pattern is vulnerable to arbitrary Python code execution if the interpolated content is manipulated to break out of the string literal.
- [DATA_EXFILTRATION]: The skill facilitates the transmission of aggregated usage data, costs, and system insights to external endpoints via a user-configured `SLACK_WEBHOOK_URL`. This mechanism is used by the automated alerting and reporting scripts to send internal metrics to an external service.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata