money-upgrade
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the '@orrisai/show-me-the-money' package from the public npm registry.
- [REMOTE_CODE_EXECUTION]: Uses 'npx' to execute code from the downloaded package for installation, updates, and version checks.
- [COMMAND_EXECUTION]: Runs shell commands to manipulate directories within '~/.claude/skills/', including recursive copying for backups and directory deletion for cleanup.
Audit Metadata