skills/rysweet/amplihack/lsp-setup/Gen Agent Trust Hub

lsp-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The LSPConfigurator class in lsp_configurator.py reads and writes the .env file directly. .env files routinely hold API keys and other secrets, so giving the agent tools that parse and modify them is a high-risk exposure path: a prompt-injected or misbehaving agent can read secret values it has no need for, or overwrite them.
  • EXTERNAL_DOWNLOADS (HIGH): The PluginManager in plugin_manager.py runs npx cclsp install, which fetches a package from the npm registry and executes it at runtime. The command as quoted pins no version, so whatever the registry serves for cclsp at that moment runs on the host; a compromised or malicious release of that package is a direct software-supply-chain path to code execution.
  • COMMAND_EXECUTION (HIGH): Multiple files (plugin_manager.py, mcp_configurator.py) use subprocess.run to invoke system binaries. The skill validates plugin names with a regex before doing so, but such a guard is only as strong as the pattern and how it is applied (typical weaknesses are an anchor that admits a trailing newline, a character class that admits a leading dash, or a call made with shell=True). If the validation is bypassed, or if the invoked package is itself malicious, the result is arbitrary command execution.
  • DATA_EXFILTRATION (MEDIUM): get_all_env_variables in lsp_configurator.py returns every variable in .env from one structured call. That gives an agent a single step to collect all credentials at once, which any later tool with network access can then exfiltrate.
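The hardened counterparts to the three patterns flagged above, as an added example that is not code from rysweet/amplihack: a plugin-name check that uses fullmatch and an allowlist instead of a loose anchored regex, an install command built as an argv list with a pinned version rather than a shell string, and a .env reader that returns variable names but masks secret-looking values. The allowlist, the pinned version string, the secret-name heuristic and the sample .env text are assumptions constructed for the demonstration.

```python
"""Hardened versions of the patterns the audit flags.

Added example, not code from the lsp-setup skill. ALLOWED_PLUGINS, the
pinned version, SECRET_HINT and SAMPLE_DOTENV are constructed assumptions.
"""
import re
import shlex
import subprocess
from typing import Dict, List

# Loose check of the kind audits commonly find. In Python, `$` also matches
# just before a trailing newline, and the class admits a leading dash, so
# "cclsp\n" and "--version" both pass.
LOOSE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")

# Strict check: fullmatch, first char cannot be a dash (npx would parse it
# as an option), npm-style lowercase name only.
STRICT_NAME = re.compile(r"[a-z0-9][a-z0-9._-]{0,213}")

# Allowlist with pinned versions. The version here is an assumption; a real
# deployment pins the release it has actually reviewed.
ALLOWED_PLUGINS: Dict[str, str] = {"cclsp": "0.0.0"}


def loose_is_valid(name: str) -> bool:
    return LOOSE_NAME.match(name) is not None


def strict_is_valid(name: str) -> bool:
    return STRICT_NAME.fullmatch(name) is not None and name in ALLOWED_PLUGINS


def build_install_command(name: str) -> List[str]:
    """argv for `npx <name>@<pinned> install`; never a shell string."""
    if not strict_is_valid(name):
        raise ValueError(f"plugin name rejected: {name!r}")
    return ["npx", f"{name}@{ALLOWED_PLUGINS[name]}", "install"]


def run_install(name: str, dry_run: bool = True) -> str:
    """Execute the pinned install with shell=False; dry_run only renders it."""
    argv = build_install_command(name)
    if not dry_run:
        subprocess.run(argv, shell=False, check=True)
    return shlex.join(argv)


# Names that usually carry secrets, plus URLs embedding user:password@host.
SECRET_HINT = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)", re.I)
URL_CREDS = re.compile(r"://[^/\s@]+:[^/\s@]+@")
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample; no real credentials.
SAMPLE_DOTENV = """\
# constructed sample .env
LSP_PORT=8080
export OPENAI_API_KEY="sk-example-not-real"
DATABASE_URL=postgres://user:pw@localhost/db
"""


def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser: skips comments/blanks, strips one quote layer."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ENV_LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[name] = value
    return env


def redacted_env(text: str) -> Dict[str, str]:
    """What an agent-facing tool should return: names, with secret values masked."""
    out: Dict[str, str] = {}
    for name, value in parse_dotenv(text).items():
        if SECRET_HINT.search(name) or URL_CREDS.search(value):
            out[name] = f"<redacted:{len(value)} chars>"
        else:
            out[name] = value
    return out


if __name__ == "__main__":
    print(run_install("cclsp"))
    print(redacted_env(SAMPLE_DOTENV))
```

The two regexes side by side show why "the skill validates with a regex" is not by itself reassuring: the loose pattern accepts both a name with a trailing newline and one that npx would read as an option, while fullmatch plus an allowlist rejects both. Note that `URL_CREDS` is a heuristic; a secret stored under an innocuous name still leaks, which is why the safer design is to hand the agent only the variable names it needs rather than a full dump.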
Recommendations
  • The automated analysis detected serious security threats in this skill; it fails the audit.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:53 PM