pair-agent
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Bun runtime installer from the official well-known domain https://bun.sh/install. The installation script is verified against a hardcoded SHA256 checksum (bab8acfb046aac8c72407bdcce903957665d655d7acaa3e11c7c4616beae68dd) before execution.
- [COMMAND_EXECUTION]: Modifies the project's `CLAUDE.md` file to add skill routing rules and performs a git commit of the changes, subject to user approval via an interactive prompt. It also executes various local management binaries within the vendor-controlled `~/.claude/skills/gstack/bin/` directory for configuration and session management.
- [DATA_EXFILTRATION]: Implements a telemetry and 'GBrain Sync' system that can transmit session metadata and usage statistics to remote endpoints. This functionality is opt-in, with the skill explicitly prompting the user for consent and offering various privacy levels before enabling data collection.
- [REMOTE_CODE_EXECUTION]: Provides automated setup for ngrok tunnels, allowing a remote agent to connect to the local browser server. While this creates an external entry point, it is the primary intended purpose of the skill and includes security measures like 5-minute setup key expiration.
Audit Metadata