masterhttprelayvpn-rust
Fail
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to download platform-specific binaries from an external GitHub releases page (github.com/therealaleph/MasterHttpRelayVPN-RUST/releases). This requires executing third-party binary code that is not verified or signed.
- [COMMAND_EXECUTION]: Users are instructed to run the tool with administrative privileges (sudo or Run as Administrator) to install a custom root CA certificate into the system trust store. This allows the application to perform Man-in-the-Middle interception and decryption of all HTTPS traffic on the machine.
- [COMMAND_EXECUTION]: The skill provides configuration for a systemd service, which establishes persistence by ensuring the proxy server runs automatically upon system startup.
- [REMOTE_CODE_EXECUTION]: The deployment process involves running several unverified scripts (run.sh, run.bat, run.command) and binary commands provided by the external repository, which facilitates the execution of remote code on the local host.
Recommendations
- AI detected serious security threats
Audit Metadata