cliproxy-newapi-stack

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands and SSH to interact with a remote VPS. Scripts such as deploy_newapi.sh, topup.sh, and verify_stack.sh execute remote logic to install Docker, manage services, and query database states. These operations are essential for the skill's deployment goals.
  • [REMOTE_CODE_EXECUTION]: The script scripts/set_pricing.py employs a dynamic code generation pattern where a Python heredoc is constructed locally and piped to python3 on the remote server via SSH. This mechanism is used to perform structured updates on the NewAPI SQLite database. Input safety is maintained through strict regex-based validation of parameters in the validation.sh library.
  • [COMMAND_EXECUTION]: The troubleshooting documentation in references/troubleshooting.md provides instructions for manual process termination (e.g., using kill <pid>) to resolve port conflicts. This is a standard system administration procedure and is documented as a manual user action rather than an automated malicious behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — cliproxy-newapi-stack