eightctl
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
eightctlutility by downloading source code from a third-party GitHub repository (github.com/steipete/eightctl) and compiling it using the Go toolchain at runtime. - [COMMAND_EXECUTION]: The skill executes the
eightctlbinary to perform actions like controlling device temperature, schedules, and alarms. - [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication credentials (
EIGHTCTL_EMAIL,EIGHTCTL_PASSWORD) stored in environment variables or configuration files. The security of these credentials depends on the integrity of the external binary retrieved from GitHub.
Audit Metadata