waza
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file contains a command to install a 'statusline' component using the pattern
curl -sL https://raw.githubusercontent.com/tw93/Waza/main/scripts/setup-statusline.sh | bash. This executes a remote script directly in the user's shell environment without prior inspection. - [DATA_EXFILTRATION]: The
skills/health/scripts/collect-data.shscript performs extensive harvesting of sensitive local data. It reads~/.claude/settings.local.json, which frequently contains API tokens and credentials, and extracts user and assistant messages from session logs stored in~/.claude/projects/. While the script attempts local redaction, it exposes private conversation history and local configurations to the AI context. - [EXTERNAL_DOWNLOADS]: The
readskill utilized inskills/read/scripts/fetch.shroutes user-provided URLs through third-party web proxies includingdefuddle.mdandr.jina.ai. This transmits potentially sensitive internal URLs to external services for processing. - [COMMAND_EXECUTION]: The
skills/check/scripts/run-tests.shscript automatically detects and executes verification commands found in the current project (e.g.,cargo test,npm test,make test,pytest). This allows the agent to execute arbitrary code defined within the build system of any project it is used on. - [COMMAND_EXECUTION]: The
setup-statusline.shscript modifies the local environment by creating files in~/.claude/and editing the~/.claude/settings.jsonfile to inject a custom statusLine command.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/tw93/Waza/main/scripts/setup-statusline.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata