wraps-cli
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): The skill instructs the agent to run @wraps.dev/cli using npx or npm install. This executes code from an untrusted source that is not part of the defined trust scope. Given the high privileges required (AWS Administrator access), this constitutes a critical risk of supply chain attack or arbitrary code execution.
- REMOTE_CODE_EXECUTION (CRITICAL): The use of npx to execute a package directly from the npm registry allows for immediate execution of remote, unvetted code within the user's environment.
- CREDENTIALS_UNSAFE (HIGH): The skill explicitly targets sensitive AWS credential files (~/.aws/credentials) and environment variables (AWS_SECRET_ACCESS_KEY). If the untrusted CLI is malicious, it has immediate access to these secrets.
- COMMAND_EXECUTION (HIGH): The CLI is designed to perform high-impact operations including iam:CreateRole and iam:AttachRolePolicy. This provides a direct path for privilege escalation within the user's AWS account.
- DATA_EXFILTRATION (MEDIUM): The CLI includes a telemetry feature that sends usage data to an external domain (wraps.dev) which is not whitelisted. While described as anonymous, this mechanism could be used to exfiltrate sensitive metadata or configuration data from the environment.
Recommendations
- AI detected serious security threats
Audit Metadata