spaceship-dns
Fail
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses a sensitive local file path at
~/.bitwarden_credentialsto source environment variables and credentials. - [DATA_EXFILTRATION]: Retrieves sensitive API tokens (VERCEL_TOKEN) using the Bitwarden CLI and transmits them to external API endpoints (api.vercel.com).
- [COMMAND_EXECUTION]: Executes several shell commands including
curl,bw unlock,python3, and a custom browser automation tool (vibebrowser-cli). - [EXTERNAL_DOWNLOADS]: Establishes a WebSocket connection to a remote relay service at
relay.api.vibebrowser.appto perform browser automation tasks. While this is part of the tool's architecture, it involves sending interaction data to a third-party service.
Recommendations
- AI detected serious security threats
Audit Metadata