jenkins-cli
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs downloading an executable file (jenkins-cli.jar) from https://jenkins.ailoveworld.cn/jnlpJars/jenkins-cli.jar. This domain is not an official source for Jenkins tools and is not listed as a known vendor resource.
- [CREDENTIALS_UNSAFE]: The instructions include a hardcoded Jenkins API token and username in an alias example: -auth cruldra:1134e00c853945dc9749af3dd439142606. Storing plaintext credentials in configuration files or shell history is a high-risk practice.
- [REMOTE_CODE_EXECUTION]: The skill guides the user to execute the downloaded JAR file using java -jar. Executing binaries from untrusted sources constitutes a remote code execution risk.
- [COMMAND_EXECUTION]: The skill instructs modifying persistent shell configuration files (.zshrc or .bashrc) to add aliases that include the downloaded binary and hardcoded credentials.
Recommendations
- AI detected serious security threats
Audit Metadata