axolotl

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The framework exposes several interfaces for executing system commands, notably cli.cloud.modal_.run_cmd for running shell commands in cloud environments and cli.utils.train.launch_training for executing training processes.
  • [EXTERNAL_DOWNLOADS]: The skill documents tools for fetching remote resources, such as cli.utils.fetch.fetch_from_github for syncing files from GitHub and cli.config.check_remote_config, which retrieves, parses, and writes configuration files from arbitrary HTTPS URLs to the local system.
  • [CREDENTIALS_UNSAFE]: The function cli.checks.check_user_token is designed to access and verify Hugging Face authentication tokens from the environment or configuration files to facilitate operations on the Hugging Face Hub.
  • [REMOTE_CODE_EXECUTION]: Installation instructions include patterns for executing remote shell scripts, such as the uv package manager installer fetched from astral.sh and piped directly to the shell.
  • [DATA_EXFILTRATION]: The skill documents the push_to_hub capability, which automates the process of sending model weights, metrics, and training configurations to external Hugging Face repositories.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 28, 2026, 06:07 PM