Skills
skills/nordz0r/skills/zapret-openwrt-guide/Gen Agent Trust Hub

zapret-openwrt-guide

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill describes functionality for fetching updates and diagnostic tests from external domains.
  • Evidence: The update-pkg.sh script downloads releases from github.com/remittor/zapret-openwrt, and dwc.sh retrieves diagnostic data from hyperion-cs.github.io (documented in references/scripts.md).
  • [REMOTE_CODE_EXECUTION]: The tool features an update mechanism that downloads and installs software packages directly onto the router system.
  • Evidence: update-pkg.sh downloads ZIP archives, extracts files, and uses system package managers (opkg or apk) to install them, as described in references/scripts.md.
  • [COMMAND_EXECUTION]: The utility executes shell commands with system-level privileges to manage its lifecycle and networking capabilities.
  • Evidence: The skill documents the use of script-exec.sh to run commands in the background, init.d.sh for service management via procd, and sync_config.sh for programmatic editing of router configuration files (documented in references/scripts.md and references/config.md).
  • [DATA_EXPOSURE]: The skill provides instructions for the agent to read and modify sensitive system configuration paths.
  • Evidence: References to /etc/config/zapret and /opt/zapret/config appear throughout the configuration and UI documentation in references/config.md and references/ui.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 03:57 PM