atuin-history-cleanup
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the
subprocessmodule to interact with the local Atuin CLI. - It runs commands such as
atuin info,atuin search, andatuin history dedupto perform history management tasks. - All commands are constructed using list-based arguments and parameters are sanitized with
shlex.quoteto mitigate command injection risks. - [COMMAND_EXECUTION]: Utilizes terminal automation through pseudo-terminals (
pty.openpty) to drive Atuin's interactive search view. - This mechanism sends standard control sequences (such as
Ctrl+OandCtrl+D) to programmatically confirm and delete specific history entries. - [SAFE]: Implements comprehensive data protection and integrity measures.
- Read-only Access: The SQLite history database is opened in read-only mode during the audit phase to prevent accidental modification.
- Transactional Workflow: The
cleanup-typoscommand performs a full database backup usingsqlite3.backupbefore making any changes. - Verification and Rollback: The skill verifies the deletion results against the planned audit and automatically restores the database from the backup if any discrepancy is detected.
- Modular Loading: Dynamically loads a local helper module (
atuin_history_cleanup_transactional.py) usingimportlib.utilwith a path derived from the script's own directory.
Audit Metadata