crabbox
Warn
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to execute arbitrary shell commands on remote platforms (Linux, macOS, Windows, WSL2) using the
crabbox runcommand. This includes running installation scripts, test suites, and system diagnostics. - [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of local scripts on remote hosts via the
--scriptand--script-stdinflags. It also manages remote execution through various backends, including cloud providers and SSH targets. - [DATA_EXFILTRATION]: The skill includes functionality for publishing artifacts (
crabbox artifacts publish) to external URLs. It also provides mechanisms to forward local environment variables to remote systems usingCRABBOX_ENV_ALLOWand--allow-envflags. - [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to download and install the
crabboxCLI fromhttps://crabbox.shif it is not present in the local environment. - [CREDENTIALS_UNSAFE]: The skill explicitly manages the injection of sensitive data such as
OPENAI_API_KEY,OPENAI_BASE_URL, andCRABBOX_COORDINATOR_TOKENinto remote process environments. It also references local configuration files that store tokens (~/Library/Application Support/crabbox/config.yaml).
Audit Metadata