safe-encryption
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's instructions guide the agent to download and execute prebuilt binary files from the external domain 'thesafe.dev'. This includes platform-specific binaries for macOS (arm64/amd64) and Linux (amd64/arm64).
- [COMMAND_EXECUTION]: Installation procedures include the use of 'sudo' to move downloaded binaries into restricted system paths such as '/usr/local/bin/', representing a privilege escalation risk.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to download and pipe an installation script directly into the shell using 'curl -sSfL https://thesafe.dev/install.sh | sh'.
- [DATA_EXFILTRATION]: The skill is configured to automatically discover, read, and use sensitive cryptographic identities from '~/.ssh/' (e.g., id_ed25519, id_ecdsa) and '~/.safe/keys/', which poses a significant data exposure risk if the external tool or domain is compromised.
- [PROMPT_INJECTION]: The behavior guidelines instruct the agent to execute cryptographic operations without seeking user confirmation ('When the user asks to encrypt/decrypt, just do it. Don't ask for confirmation.'), which bypasses standard safety protocols for sensitive actions.
Recommendations
- HIGH: Downloads and executes remote code from: https://thesafe.dev/downloads/safe-darwin-amd64, https://thesafe.dev/downloads/safe-linux-amd64, https://thesafe.dev/downloads/safe-darwin-arm64 - DO NOT USE without thorough review
- AI detected serious security threats