chrono-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user to run
curl -sSL https://raw.githubusercontent.com/ChronoAIProject/chrono-cli/main/install.sh | sh. This pattern executes code directly from a remote source without verification. Because the 'ChronoAIProject' organization is not in the trusted sources list, this is classified as a critical remote code execution risk.\n- [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and executes software from an untrusted external source, which could be compromised or modified by the repository owner at any time to include malicious payloads.\n- [COMMAND_EXECUTION] (MEDIUM): The skill provides various commands for system configuration and authentication (e.g.,chrono login,chrono mcp-setup,chrono detect). The safety of these commands is entirely dependent on the integrity of the unverified CLI tool installed from the untrusted remote script.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ChronoAIProject/chrono-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata