humanities-thesis
Fail
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation and source code in scripts/sources/autocli_fetch.py explicitly recommend installing an external utility using the command curl -fsSL https://raw.githubusercontent.com/nashsu/AutoCLI/main/scripts/install.sh | sh. This is a highly dangerous pattern that executes a script from an untrusted third-party source directly in the user's shell.
- [COMMAND_EXECUTION]: The scripts/sources/autocli_fetch.py module uses subprocess.run to execute the autocli binary. This introduces a risk where the agent relies on an unverified external executable downloaded from a non-authoritative source, which could facilitate arbitrary command execution if the tool is malicious or compromised.
- [DATA_EXFILTRATION]: In scripts/lib/http_client.py, the skill implements a network client that automatically falls back to an insecure SSL context (ssl.CERT_NONE) if standard certificate verification fails. This behavior makes the agent vulnerable to man-in-the-middle (MITM) attacks, potentially leading to the theft of sensitive academic platform credentials (like CNKI_COOKIE) and private research data during transmission.
- [EXTERNAL_DOWNLOADS]: The skill facilitates numerous outbound connections to academic databases and search engines (OpenAlex, Semantic Scholar, CORE, etc.). While these services are generally legitimate, the skill's infrastructure encourages the central storage of multiple API keys and cookies in environment variables, which could be exposed through the insecure SSL fallback or the execution of the untrusted AutoCLI tool.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nashsu/AutoCLI/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata