sillytavern-honcho-setup
Fail
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses the sensitive configuration file
~/.honcho/config.jsonto probe for existing API keys and host configuration. It also usesAskUserQuestionto prompt users to manually input their API keys and Workspace IDs if they are not found in the local configuration. - [REMOTE_CODE_EXECUTION]: Employs a risky execution pattern by piping the output of a network request (
curl) directly intopython3andnodeinterpreters for processing. While the target URL is a local port (127.0.0.1), this pattern matches high-severity remote code execution signatures. - [COMMAND_EXECUTION]: Performs extensive system operations via
Bash, including process management (kill,lsof,pgrep), file system manipulation (ln,mkdir,cp,rm), and starting the SillyTavern server in the background. - [EXTERNAL_DOWNLOADS]: Downloads and installs external Node.js dependencies, including the
@honcho-ai/sdk, from the NPM registry vianpm installduring the setup process. - [DYNAMIC_EXECUTION]: Utilizes Python heredocs (`python3
- ... <<'PY'
) and inline script execution (python3 -c,node -e`) to dynamically execute code for JSON parsing and configuration validation at runtime.
Recommendations
- HIGH: Downloads and executes remote code from: http://127.0.0.1:$PORT/csrf-token - DO NOT USE without thorough review
Audit Metadata