listenhub
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate-image.sh` utilizes `eval` to execute installation commands that include `sudo` for managing system dependencies such as `jq` and `curl`, which constitutes a privilege escalation risk.
- [COMMAND_EXECUTION]: The scripts `scripts/generate-image.sh` and `scripts/lib.sh` modify and read from user shell configuration files (e.g., `~/.zshrc`, `~/.bashrc`, `~/.profile`) to persist environment variables and API keys.
- [EXTERNAL_DOWNLOADS]: The `scripts/lib.sh` script performs an automated version check by fetching content from `raw.githubusercontent.com/marswaveai/skills/main/skills/listenhub/VERSION`.
- [EXTERNAL_DOWNLOADS]: The `scripts/generate-image.sh` script triggers the download and installation of system-level utilities from official package registries (e.g., via `apt-get`, `brew`, `yum`) if required tools are missing.
- [DATA_EXFILTRATION]: User-provided content, including text and external URLs, is transmitted to the `api.marswave.ai` and `api.labnana.com` endpoints for processing. While essential for the skill's functionality, it involves sending data to external servers.
Recommendations
- AI detected serious security threats
Audit Metadata