Skills
skills/ianchenx/substracker-skills/substracker/Gen Agent Trust Hub

substracker

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill allows passing highly sensitive secrets as command-line arguments.
  • Evidence: In scripts/config.ts and scripts/notifications.ts, sensitive fields such as ADMIN_PASSWORD, TG_BOT_TOKEN, RESEND_API_KEY, and GOTIFY_APP_TOKEN are accepted as CLI flags. When the agent executes these commands (e.g., bun scripts/main.ts c update --tg-bot-token "..."), the secrets become visible to any user on the system via process monitoring tools like ps.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files and stores session data in an insecure location.
  • Evidence: scripts/client.ts reads from ~/.substracker-skills/.env, which is used to store the SUBSTRACKER_PASS.
  • Evidence: scripts/client.ts stores the session cookie in /tmp/substracker_cookie.txt. On multi-user systems, the /tmp directory is often world-readable, potentially allowing other users to hijack the SubsTracker session.
  • [COMMAND_EXECUTION]: The skill's primary interface is the execution of TypeScript files via the Bun runtime.
  • Evidence: SKILL.md defines several commands that involve spawning subprocesses to run bun scripts/main.ts, which grants the agent the capability to execute code on the host machine.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 02:38 PM