cabinet-ai-knowledge-base

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation process runs code fetched at install time. npx create-cabinet@latest downloads and executes whichever version of the create-cabinet package is current when the command runs, so the code that executes is not pinned, and the instructions also clone https://github.com/hilash/cabinet.git from a GitHub user the audit could not verify. Neither step gives the installer a chance to review what will run before it runs.
  • [COMMAND_EXECUTION]: The application includes a web terminal (node-pty on the server, xterm.js in the browser) that gives a browser session a full shell on the host. Anyone who can reach that endpoint can run arbitrary commands as the account the server runs under, so the terminal is only as protected as the application's authentication and network exposure.
  • [COMMAND_EXECUTION]: Uses node-cron to run agent tasks on a schedule through the claude CLI. These runs happen unattended and can read and modify the file system and perform other system operations on the host.
  • [COMMAND_EXECUTION]: Automatically renders HTML files found in the data directory inside iframes. If a file containing script is introduced into the knowledge base (for example, written by a scheduled agent run), that script executes in the viewer's browser. Whether it runs with the application's own origin, and can therefore reach the app's storage, session and endpoints, depends on how the iframe is sandboxed and how the files are served, which the audit does not establish.
  • [EXTERNAL_DOWNLOADS]: Installs a large number of npm dependencies, including node-pty, a native addon that runs a build step on install rather than shipping as plain JavaScript.
  • [CREDENTIALS_UNSAFE]: The setup instructions have users put secrets such as KB_PASSWORD in a .env.local file. This is a standard pattern, but the file is plaintext on disk next to the application, so it must be kept out of version control and readable only by the account that runs the server.
Recommendations
  • The analysis found serious security threats; review the findings above before installing or exposing the application.
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 7, 2026, 09:22 PM