rclone
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Found in SKILL.md and scripts/check_setup.sh: `curl https://rclone.org/install.sh | sudo bash`. Piping remote scripts to a shell with root privileges is a high-risk pattern that allows unverified code execution.
- [COMMAND_EXECUTION] (HIGH): The skill frequently uses `sudo` for installation and configuration (e.g., `sudo apt install`, `sudo bash`), increasing the attack surface for privilege escalation.
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructs the user to provide `access_key_id` and `secret_access_key` for various cloud providers (AWS, Cloudflare, Backblaze). These secrets are handled in plaintext commands, creating a risk of exposure in logs or shell history.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Downloads scripts and software from `rclone.org`. Since this domain is not in the trusted sources list, it is treated as an unverified external dependency.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. Ingestion points: File paths and remote targets in `rclone copy/sync/ls` (SKILL.md). Boundary markers: Absent. Capability inventory: `rclone` (file/network access), `sudo` (privilege escalation), `bash` (shell execution). Sanitization: Absent. Maliciously crafted filenames could potentially lead to command injection if the agent interpolates them directly into shell commands.
Recommendations
- AI detected serious security threats
Audit Metadata