llm-monitoring-dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes unverified remote code from an untrusted source by piping a shell script from GitHub directly into the system interpreter.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs software from a non-vendor repository (nooscraft/tokuin) without any integrity checks.
- [COMMAND_EXECUTION]: The skill establishes persistence on the host system by programmatically modifying the crontab to schedule multiple recurring background tasks.
- [DATA_EXFILTRATION]: The skill includes a feature to transmit cost and usage metrics to an external destination via a Slack webhook (SLACK_WEBHOOK_URL).
- [CREDENTIALS_UNSAFE]: The skill includes logic to scan the filesystem for hardcoded secrets and accesses sensitive environment files (.env) containing API keys for OpenAI, Anthropic, and OpenRouter.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata