eigen-compute

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): In scripts/compute-api.js, the _exec helper function uses execSync to execute shell commands via string concatenation. Several methods, including getAppInfo, getAppLogs, stopApp, startApp, and upgradeApp, pass the appId parameter directly into the shell command without sanitization. An attacker providing a malicious appId (e.g., ; rm -rf /) could achieve arbitrary command execution on the host.
  • DATA_EXFILTRATION (HIGH): The computeConfigHash function in scripts/compute-api.js takes an array of file paths and reads their contents using fs.readFileSync. This provides a primitive for unauthorized reading of any sensitive file on the system (e.g., ~/.ssh/id_rsa, /etc/passwd) if the agent is prompted to process malicious paths.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the @layr-labs/ecloud-cli package via npm. The @layr-labs organization is not included in the predefined list of trusted external sources, making this an unverifiable dependency.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 11:47 PM