llm-monitoring-dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the 'Tokuin' CLI tool by piping a remote script from an unverified GitHub repository directly to the shell (curl -fsSL https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh | bash). This is a critical security risk as it executes unauthenticated code.
- [EXTERNAL_DOWNLOADS]: Fetches multiple external resources from nooscraft/tokuin, which is not a verified or trusted vendor. This includes shell scripts and PowerShell executables.
- [COMMAND_EXECUTION]: The skill automatically modifies the user's crontab to register three separate persistent tasks for periodic data collection, report generation, and cost alerting. These tasks run in the background without explicit per-execution consent.
- [DATA_EXFILTRATION]: The skill is designed to send monitoring data and cost alerts to an external SLACK_WEBHOOK_URL provided via environment variables. While intended for monitoring, this establishes a channel for data to leave the local environment.
- [PROMPT_INJECTION]: The collect-metrics.sh script provides an indirect injection surface by taking arbitrary prompt data as input and passing it through categorization and storage logic. While it hashes the prompts, the processing pipeline handles untrusted data strings directly.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata