minio
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Uses sudo mv to install the MinIO client binary to /usr/local/bin, which involves privilege escalation.
- [COMMAND_EXECUTION]: Creates and makes executable a shell script in /tmp/minio-curl to handle curl requests with credentials.
- [EXTERNAL_DOWNLOADS]: Fetches the official MinIO client (mc) from dl.min.io, which is a well-known service.
- [CREDENTIALS_UNSAFE]: Includes hardcoded access and secret keys for the public MinIO Play test server (play.min.io).
- [CREDENTIALS_UNSAFE]: Configures local storage of credentials via mc alias set and aws configure set commands.
Audit Metadata