llm-as-computer

Fail

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to read the sensitive project-level environment file /mnt/project/GitHub.env to retrieve a GH_TOKEN credential.
  • [DATA_EXFILTRATION]: The retrieved GH_TOKEN is used in the Authorization header of network requests made to api.github.com via curl to authenticate file downloads.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch multiple source files (including executor.mojo and runner.py) from an external GitHub repository (oaustegard/llm-as-computer) to replace its own local files.
  • [REMOTE_CODE_EXECUTION]: The skill features a self-update mechanism where it downloads remote scripts and replaces its local executable components, followed by re-compilation and execution. This allows the skill to modify its behavior after deployment, potentially bypassing initial security evaluations.
  • [COMMAND_EXECUTION]: The skill performs several high-risk command-line operations:
    • Modifies the system environment by installing packages using uv pip install --system --break-system-packages.
    • Compiles source code at runtime using mojo build to generate a binary executable (percepta_exec).
    • Executes system commands and the compiled binary using subprocess.run and shell scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 7, 2026, 04:36 AM