temps-cli
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): An automated scanner detected the piped shell execution pattern
curl https://get.acme.sh | sh. This allows unverified remote code to be executed directly, presenting a severe security risk. - EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the
@temps-sdk/clipackage from npm, which is not from a trusted source organization and thus presents a supply chain risk. - COMMAND_EXECUTION (LOW): The extensive command set for infrastructure management provides a broad surface for potential exploits.
- CREDENTIALS_UNSAFE (MEDIUM): The skill identifies sensitive credential storage locations such as
~/.temps/.secrets, increasing the risk of unauthorized data access.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.acme.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata