skills/terrylica/cc-skills/server/Gen Agent Trust Hub

server

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to establish a persistence mechanism by creating a macOS launchd service. This involves writing a configuration file to ~/Library/LaunchAgents/com.terryli.kokoro-tts-server.plist and using launchctl to ensure the server starts automatically and stays running.
  • [COMMAND_EXECUTION]: The skill includes instructions to compile a Swift launcher binary using the swiftc compiler. This binary is used as a wrapper to execute the Python server script, which is a form of dynamic code generation and execution at runtime.
  • [REMOTE_CODE_EXECUTION]: Automated security scans flagged a command in SKILL.md (curl -s http://127.0.0.1:8779/health | python3) as a remote code execution pattern. Detailed analysis of the file confirms the actual command is curl -s http://127.0.0.1:8779/health | python3 -m json.tool, which is a safe, standard method for formatting local JSON responses and does not execute external code.
Recommendations
  • HIGH: Downloads and executes remote code from: http://127.0.0.1:8779/health - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 4, 2026, 09:52 AM