newapi
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The action `exec-token` allows the execution of arbitrary shell commands. The underlying script `scripts/exec-token.js` uses `child_process.execSync` with `shell: true` to run commands where a placeholder is replaced by a real API key fetched from the server.
- [CREDENTIALS_UNSAFE]: The skill is designed to manage, inject, and copy sensitive `sk-` API keys. It also retrieves management credentials from local `.env` files using `scripts/env.js` and stores them in environment variables.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to external endpoints (user-configured `NEWAPI_BASE_URL`) to manage tokens and fetches documentation from `apifox.newapi.ai` and `www.newapi.ai`.
- [DATA_EXFILTRATION]: The skill moves sensitive tokens between a remote API, local storage, the system clipboard, and shell command arguments. It relies on a regex-based sanitization script (`scripts/sanitize.js`) to redact these secrets from the AI's view, which is a heuristic that could potentially be bypassed or fail on unexpected formats.
- [PROMPT_INJECTION]: The `SKILL.md` file contains extensive, "absolute and non-negotiable" instructions aimed at overriding the agent's default behavior to prevent it from revealing or inspecting the API keys it handles.
- [DATA_EXPOSURE]: When applying a token to a configuration file, `scripts/inject-key.js` creates a `.bak` backup file in the same directory. This backup file contains the real, unmasked API key in plain text, posing a risk of accidental exposure if the file is not manually deleted.
Recommendations
- AI detected serious security threats
Audit Metadata