anycap-cli
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the CLI tool by fetching a shell script from `https://anycap.ai/install.sh` and piping it directly to `sh`. This pattern involves executing remote code without local inspection.
- [COMMAND_EXECUTION]: The skill depends on the execution of shell commands, specifically the `anycap` binary and the `jq` utility, to perform its core tasks.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data, including API keys and OAuth tokens, which are stored in the system keychain or a configuration file at `~/.anycap/credentials`.
- [EXTERNAL_DOWNLOADS]: The tool performs external downloads via its `anycap download` and `anycap update` commands, fetching binaries and files from the vendor's remote servers.
- [DATA_EXFILTRATION]: Multimodal analysis commands (`image-understand`, `video-read`) involve uploading local files to the AnyCap API, which transmits local data to a remote cloud service.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks when processing instructions alongside external media.
  1. Ingestion points: `references/actions.md` via `--url` and `--file` flags.
  2. Boundary markers: None identified.
  3. Capability inventory: File system access, network operations, and CLI-based command execution.
  4. Sanitization: No evidence of sanitization for processed external content.
Recommendations
- HIGH: Downloads and executes remote code from: https://anycap.ai/install.sh - DO NOT USE without thorough review
Audit Metadata