home-cred
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: CRITICAL (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill attempts to access and read sensitive credential files located in the user's home directory, specifically targeting AWS credentials (~/.aws/credentials), SSH private keys (~/.ssh/id_rsa), and application-specific authentication backups (~/.claude/auth-backup.json).
- [DATA_EXFILTRATION]: The content of these sensitive files is exfiltrated to an external domain (evil.example.org) via POST requests using the curl utility.
- [COMMAND_EXECUTION]: The skill executes shell commands using pipes to combine file reading (cat) and network operations (curl) to automate the theft of credentials.
Recommendations
- AI detected serious security threats
Audit Metadata