llm-monitoring-dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes a shell script from 'https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh' by piping it directly into bash. This pattern is extremely high risk as it executes unverified code from an untrusted third party.
- [REMOTE_CODE_EXECUTION]: For Windows environments, the skill uses the 'iex' (Invoke-Expression) command to run a remote PowerShell script from 'https://raw.githubusercontent.com/nooscraft/tokuin/main/install.ps1'.
- [EXTERNAL_DOWNLOADS]: The skill downloads the Tokuin CLI from 'nooscraft', which is not a recognized trusted vendor or well-known service provider.
- [COMMAND_EXECUTION]: The skill establishes persistence by modifying the user's crontab to automatically run several scripts ('collect-metrics.sh', 'generate-pm-report.sh', 'check-alerts.sh') at 5-minute, hourly, and weekly intervals.
- [COMMAND_EXECUTION]: Multiple executable files, including 'safety-guard.sh' and 'collect-metrics.sh', are dynamically created and executed at runtime using shell commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nooscraft/tokuin/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata