yutori-login
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to execute 'uvx yutori-mcp login'. The 'uvx' tool fetches and executes the 'yutori-mcp' package from PyPI. This package is not associated with any trusted organization or repository listed in the security standards.
- [REMOTE_CODE_EXECUTION] (MEDIUM): Running 'yutori-mcp' via 'uvx' constitutes execution of third-party code from a remote source. While the instruction directs the user to perform this action manually in a separate terminal, the safety and integrity of the external package have not been verified.
- [COMMAND_EXECUTION] (LOW): The skill specifically details a command-line operation for authentication. It includes a safety instruction for the agent not to execute the command directly via Bash, requiring user intervention, which mitigates the risk but does not eliminate the concern regarding the untrusted source.
Audit Metadata