uptime-monitor

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly reads and parses sensitive credential data from a local file path at ~/.gooseworks/credentials.json. It uses a Python one-liner to extract an api_key and assign it to an environment variable (GOOSEWORKS_API_KEY).
  • [DATA_EXFILTRATION]: Extracted credentials are sent to an external service (api.gooseworks.ai or a variable GOOSEWORKS_API_BASE) via curl commands. While this appears to be the intended function of the skill, the pattern of reading local secrets and transmitting them to a remote endpoint is a primary data exfiltration vector.
  • [COMMAND_EXECUTION]: The skill uses python3 -c within shell commands to execute dynamic Python code for the purpose of reading local files and manipulating environment variables. It also suggests the execution of npx gooseworks login, which involves third-party package execution via Node.js.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — uptime-monitor