unifi-api
Warn
Audited by Socket on Mar 11, 2026
1 alert found:
Security alert (severity: MEDIUM): .claude/settings.local.json
The manifest itself is not an active malware payload, but it is overly permissive and enables several high-risk behaviors (arbitrary shell execution and dynamic package installation). It significantly increases the supply-chain and remote-code-execution attack surface if downstream code or inputs are untrusted. Tighten the permissions (remove the pip3 wildcard, restrict Bash arguments, and narrow the WebFetch domains), and enforce validation and sandboxing before allowing these operations.
Confidence: 80%
Severity: 75%
Audit Metadata