Fail
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to execute shell scripts directly from a remote URL by piping them to bash (`curl -sSL https://canifi.com/skills/linkedin/install.sh | bash` and `curl -sSL https://canifi.com/install.sh | bash`). This is a highly insecure practice: it allows arbitrary code execution from a non-standard, third-party domain without prior inspection of the script content.
- [CREDENTIALS_UNSAFE]: The documentation encourages the storage and use of sensitive plaintext credentials (`LINKEDIN_EMAIL`, `LINKEDIN_PASSWORD`) via a custom `canifi-env` tool. While it claims the values are stored locally, the skill's logic explicitly mentions entering these credentials into login forms, which increases the risk of credential exposure during browser automation sessions.
- [COMMAND_EXECUTION]: The skill relies on executing local CLI commands (`canifi-env`) and browser automation scripts to perform its functions, which could be exploited if the underlying scripts are compromised or if input is not properly sanitized.
- [EXTERNAL_DOWNLOADS]: The skill fetches resources and installation scripts from `canifi.com`, an external, non-whitelisted domain. This introduces a supply chain risk if the domain or the hosted files are compromised.
Recommendations
- HIGH: Downloads and executes remote code from https://canifi.com/install.sh and https://canifi.com/skills/linkedin/install.sh. DO NOT USE without thorough review.
- AI detected serious security threats
Audit Metadata