eightctl
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation manifest specifies downloading a Go module from
github.com/steipete/eightctl/cmd/eightctl@latest. This repository belongs to an external third-party user and is not from a verified or trusted organization. - [COMMAND_EXECUTION]: The skill executes the
eightctlbinary on the host system to perform its primary functions. This binary is built from the remote code downloaded during the installation phase. - [CREDENTIALS_UNSAFE]: The skill instructs the agent to use sensitive credentials, specifically
EIGHTCTL_EMAILandEIGHTCTL_PASSWORD, as well as a configuration file at~/.config/eightctl/config.yaml, to interact with the Eight Sleep service API.
Audit Metadata