skills/dzianisv/skills/spaceship-dns/Gen Agent Trust Hub

spaceship-dns

Fail

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses a sensitive local file path at ~/.bitwarden_credentials to source environment variables and credentials.
  • [DATA_EXFILTRATION]: Retrieves sensitive API tokens (VERCEL_TOKEN) using the Bitwarden CLI and transmits them to external API endpoints (api.vercel.com).
  • [COMMAND_EXECUTION]: Executes several shell commands including curl, bw unlock, python3, and a custom browser automation tool (vibebrowser-cli).
  • [EXTERNAL_DOWNLOADS]: Establishes a WebSocket connection to a remote relay service at relay.api.vibebrowser.app to perform browser automation tasks. While this is part of the tool's architecture, it involves sending interaction data to a third-party service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 21, 2026, 02:49 AM
Security Audit — agent-trust-hub — spaceship-dns