skills/stablyai/orca/electron/Gen Agent Trust Hub

electron

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes playwright-cli run-code to execute arbitrary Playwright/JavaScript logic. This is a primary feature for handling complex automation scenarios but constitutes a dynamic execution vector within the automated application's context.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx playwright-cli, which may download and execute the playwright-cli package from the public NPM registry at runtime if it is not already present on the system.
  • [COMMAND_EXECUTION]: The skill provides instructions for process management using kill, ps, and lsof. It includes specific 'Critical Safety Rules' to ensure the agent does not terminate its own process or other critical system components.
  • [REMOTE_CODE_EXECUTION]: A command pattern pipes JSON data from a local endpoint (http://localhost:9222/json) directly into python3. Although the Python code is provided as a local argument via -c, this pattern processes external (network-derived) data through a language interpreter.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost:9222/json - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:02 PM