sillytavern-honcho-setup

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses the sensitive configuration file ~/.honcho/config.json to probe for existing API keys and host configuration. It also uses AskUserQuestion to prompt users to manually input their API keys and Workspace IDs if they are not found in the local configuration.
  • [REMOTE_CODE_EXECUTION]: Employs a risky execution pattern by piping the output of a network request (curl) directly into python3 and node interpreters for processing. While the target URL is a local port (127.0.0.1), this pattern matches high-severity remote code execution signatures.
  • [COMMAND_EXECUTION]: Performs extensive system operations via Bash, including process management (kill, lsof, pgrep), file system manipulation (ln, mkdir, cp, rm), and starting the SillyTavern server in the background.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs external Node.js dependencies, including the @honcho-ai/sdk, from the NPM registry via npm install during the setup process.
  • [DYNAMIC_EXECUTION]: Utilizes Python heredocs (`python3
  • ... <<'PY') and inline script execution (python3 -c, node -e`) to dynamically execute code for JSON parsing and configuration validation at runtime.
Recommendations
  • HIGH: Downloads and executes remote code from: http://127.0.0.1:$PORT/csrf-token - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 26, 2026, 03:24 PM
Security Audit — agent-trust-hub — sillytavern-honcho-setup