Skills
skills/gntc-labs/skills/vibehost-deploy/Gen Agent Trust Hub

vibehost-deploy

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to download and execute a shell script directly from a remote URL using a 'pipe to shell' pattern. This method bypasses local inspection of the script's contents before execution.
  • Evidence: curl -fsSL https://vibehost.com/install.sh | sh in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and potentially binary executables from the vibehost.com domain.
  • Evidence: References to https://vibehost.com/install.sh and the CLI download.
  • [COMMAND_EXECUTION]: The skill relies on several shell commands for its core functionality, including account authentication and site deployment.
  • Evidence: Use of vibehost login, vibehost whoami, and vibehost deploy commands.
  • [CREDENTIALS_UNSAFE]: The skill describes methods for managing authentication tokens, including reading from a local configuration file and using environment variables. While standard for CLI tools, it involves the handling of sensitive credentials.
  • Evidence: Reference to ~/.config/vibehost/config.json and the VIBEHOST_TOKEN environment variable.
Recommendations
  • HIGH: Downloads and executes remote code from: https://vibehost.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 10:05 PM
Security Audit — agent-trust-hub — vibehost-deploy