skills/flora131/atomic/crabbox/Gen Agent Trust Hub

crabbox

Warn

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to execute arbitrary shell commands on remote platforms (Linux, macOS, Windows, WSL2) using the crabbox run command. This includes running installation scripts, test suites, and system diagnostics.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of local scripts on remote hosts via the --script and --script-stdin flags. It also manages remote execution through various backends, including cloud providers and SSH targets.
  • [DATA_EXFILTRATION]: The skill includes functionality for publishing artifacts (crabbox artifacts publish) to external URLs. It also provides mechanisms to forward local environment variables to remote systems using CRABBOX_ENV_ALLOW and --allow-env flags.
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to download and install the crabbox CLI from https://crabbox.sh if it is not present in the local environment.
  • [CREDENTIALS_UNSAFE]: The skill explicitly manages the injection of sensitive data such as OPENAI_API_KEY, OPENAI_BASE_URL, and CRABBOX_COORDINATOR_TOKEN into remote process environments. It also references local configuration files that store tokens (~/Library/Application Support/crabbox/config.yaml).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 6, 2026, 10:34 PM
Security Audit — agent-trust-hub — crabbox