rclone
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the official rclone installation script at 'https://rclone.org/install.sh'. This is documented as the standard method for acquiring the tool from its primary distribution point.
- [REMOTE_CODE_EXECUTION]: Provides the standard command pattern 'curl ... | sudo bash' for installing rclone. This targets the official domain of a well-known utility.
- [COMMAND_EXECUTION]: Documentation includes a wide array of commands for interacting with cloud storage, including listing files, synchronizing directories, and mounting remote storage as a local filesystem using FUSE.
- [COMMAND_EXECUTION]: Examples include administrative operations such as package installation (apt/dnf install) and the creation of systemd service units for automated backup and mounting tasks.
- [CREDENTIALS_UNSAFE]: Explicitly warns users that the 'rclone.conf' file contains credentials in plain text and provides the security recommendation to restrict access using 'chmod 600'. It also notes that the 'rclone config show' command will output these credentials.
Audit Metadata