eightctl
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the eightctl binary from an untrusted third-party GitHub repository (github.com/steipete/eightctl). This repository is not included in the trusted organizations or repositories list.
- CREDENTIALS_UNSAFE (LOW): The skill manages sensitive user credentials (email and password) via environment variables or a local configuration file (~/.config/eightctl/config.yaml).
- COMMAND_EXECUTION (LOW): The skill executes the downloaded eightctl binary to perform operations on Eight Sleep hardware.
Audit Metadata