wespy-fetcher
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script `scripts/wespy_cli.py` is designed to automatically clone an external repository from `https://github.com/tianchangNorth/WeSpy.git` to the user's local directory (`~/Documents/QNSZ/project/WeSpy`) if it is not already present.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic code loading by adding the freshly cloned repository to the Python search path (`sys.path`) and importing its main entry point (`wespy.main.main`). This enables the execution of external, unverified code at runtime.
- [COMMAND_EXECUTION]: The skill uses the `subprocess.run` function to execute system-level `git clone` commands to manage its external dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata