skills/notdp/.dotfiles/droid-bin-mod/Gen Agent Trust Hub

droid-bin-mod

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Python scripts to perform regex-based byte manipulation on the binary file ~/.local/bin/droid. It also utilizes 'codesign' to modify binary signatures on macOS.
  • [REMOTE_CODE_EXECUTION]: By modifying the binary's executable logic, the skill effectively injects new behaviors into the tool, such as bypassing mission whitelists and overriding internal model access checks.
  • [CREDENTIALS_UNSAFE]: The 'status.py' script reads ~/.factory/settings.json, which stores custom model configurations and extra arguments. This file often contains sensitive API keys, which are printed to the console during status checks.
  • [COMMAND_EXECUTION]: A specific modification is provided to disable the 'checkForUpdates' mechanism, preventing the binary from being restored to its original state and ensuring the persistence of unauthorized modifications.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 28, 2026, 05:21 AM