hsb-setup

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses SSH heredoc patterns to execute large blocks of code and scripts on remote devkits. It also downloads and runs build scripts (docker/build.sh) from an external GitHub repository.
  • [CREDENTIALS_UNSAFE]: The skill interacts with highly sensitive files, including ~/.ssh/authorized_keys and ~/.docker/config.json. Specifically, it contains logic to propagate the current user's Docker credentials to every human user account on the target system.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run privileged commands via sudo. This includes modifying system configuration files (/etc/sysctl.d/), creating systemd services (jetson_clocks.service), and adding multiple users to the docker group, which is a known vector for privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill clones and pulls code from a remote repository (nvidia-holoscan/holoscan-sensor-bridge.git). While originating from a well-known organization, executing unverified code from external sources carries inherent supply-chain risks.
  • [DATA_EXFILTRATION]: The skill's ability to read credential files and system configuration, combined with its usage of network-enabled tools like ssh and git, creates a technical surface for potential data exfiltration.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — hsb-setup