auth-sniffer
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool, auth-sniff, to perform intrusive system-level operations. This includes identifying running browser processes and forcing their termination using SIGTERM and SIGKILL loops to allow the browser to be relaunched with the Chrome DevTools Protocol (CDP) enabled.
- [DATA_EXFILTRATION]: The core functionality of the skill is the programmatic extraction of sensitive authentication material from browser profiles. It specifically targets high-value credentials such as auth_token, ct0, and other session-related keys from cookies, localStorage, and sessionStorage. This data represents active login sessions and could be used for session hijacking or unauthorized account access.
- [CREDENTIALS_UNSAFE]: The skill is designed to automate the discovery and retrieval of private session identifiers and credentials directly from the user's local browser environment, focusing on specific domains like .x.com.
Recommendations
- AI detected serious security threats