Skills
skills/andrejones92/canifi-life-os/nest/Gen Agent Trust Hub

nest

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs users to execute curl -sSL https://canifi.com/skills/nest/install.sh | bash and curl -sSL https://canifi.com/install.sh | bash. This allows arbitrary code execution from the untrusted domain canifi.com directly on the user's host machine.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on external scripts and configuration tools hosted on canifi.com, which is not a recognized trusted source. There are no mechanisms for verifying the integrity of these remote files.
  • [CREDENTIALS_UNSAFE] (HIGH): The 'Option 2' setup instructions recommend storing SERVICE_PASSWORD in environment variables using a tool installed via the untrusted remote scripts, creating a direct path for credential exfiltration.
Recommendations
  • HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/nest/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:35 PM
Security Audit — agent-trust-hub — nest