helixa
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/helixa-search.sh` utility is vulnerable to command injection. It uses `python3 -c` to URL-encode a search query by interpolating the raw user argument into a Python string literal without escaping. An attacker could provide a crafted input to escape the string and execute arbitrary code.
- [COMMAND_EXECUTION]: Multiple scripts, including `helixa-agent.sh`, `helixa-cred.sh`, and `helixa-name.sh`, lack proper quoting for shell variables in some contexts. This makes them susceptible to shell expansion and injection attacks if the input contains special characters or command substitutions.
- [REMOTE_CODE_EXECUTION]: The skill implements a risky pattern of piping remote API output directly to a Python-based utility in `scripts/check-cred.sh`. Automated scanners flagged this as a potential remote code execution vector when processing untrusted content from the API.
- [EXTERNAL_DOWNLOADS]: The skill communicates with external services including `https://api.helixa.xyz` for identity management and `https://mainnet.base.org` for blockchain interactions. These connections are integral to the skill's functionality but must be handled securely to prevent data poisoning.
Recommendations
- HIGH: Downloads and executes remote code from: https://api.helixa.xyz/api/v2/cred/${AGENT_ID} - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata