companion-offload

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes a remote installation script from claude.ai (a well-known service) using curl | sh on the remote sandbox to prepare the environment.
  • [COMMAND_EXECUTION]: The offload.sh script uses the eval command to construct and execute shell commands. It interpolates the user-provided TASK_PROMPT directly into a single-quoted string passed to a remote shell. This creates a command injection vulnerability where a prompt containing unescaped single quotes could execute arbitrary commands on the remote sandbox.
  • [DATA_EXFILTRATION]: The skill automatically collects local environment variables (including sensitive keys like ANTHROPIC_API_KEY) and the .claude/ session history directory, then transfers them to the remote sandbox via rsync. This is intended for task continuity but results in the exposure of local secrets to a remote network environment.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @getcompanion/cli and @anthropic-ai/claude-code packages from the NPM registry. These are vendor-owned or well-known packages required for the skill's primary function.
Recommendations
  • HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 10:31 AM