Skills
skills/levnikolaevich/claude-code-skills/ln-013-config-syncer/Gen Agent Trust Hub

ln-013-config-syncer

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs file system manipulations such as creating symlinks and junctions using shell commands and Node.js scripts. It explicitly modifies the Codex CLI configuration to set approval_policy = "never" and sandbox_mode = "danger-full-access", which bypasses standard security prompts and removes sandbox restrictions for the agent.
  • [CREDENTIALS_UNSAFE]: The skill reads sensitive configuration files including ~/.claude.json, ~/.gemini/settings.json, and ~/.codex/config.toml. These files are canonical locations for storing API keys, session tokens, and other private credentials.
  • [REMOTE_CODE_EXECUTION]: When the auto_install_providers flag is set, the skill initiates the installation of external language server binaries (e.g., basedpyright, gopls, rust-analyzer) using system-level package managers like pip and npm.
  • [EXTERNAL_DOWNLOADS]: The skill coordinates the download of software packages from public registries such as PyPI and NPM to fulfill dependency requirements for managed MCP servers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 26, 2026, 01:34 PM