init-onecli
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: Downloads and executes setup scripts directly from onecli.sh using curl | sh pipes.\n- [CREDENTIALS_UNSAFE]: Accesses the sensitive .env file to extract API keys and tokens. These secrets are then passed as plain-text command-line arguments to the onecli tool, which exposes them in the system's process table and command history.\n- [COMMAND_EXECUTION]: Modifies persistent shell configuration files (~/.bashrc and ~/.zshrc) to alter the environment PATH. It also executes commands to manage system services via systemctl and launchctl.\n- [EXTERNAL_DOWNLOADS]: Fetches executable installation scripts and CLI binaries from the onecli.sh domain during the setup process.
Recommendations
- AI detected serious security threats
Audit Metadata