init-onecli
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads and executes shell scripts directly from a remote domain using the pattern
curl -fsSL onecli.sh/install | sh. This allows for arbitrary code execution from a third-party source without prior verification. - [COMMAND_EXECUTION]: The skill modifies shell initialization files (
~/.bashrcand~/.zshrc) to persistently alter the systemPATHand ensure the downloaded tool is accessible. - [DATA_EXFILTRATION]: The skill performs a full read of the
.envfile (cat .env) to extract multiple sensitive API keys and OAuth tokens (e.g., ANTHROPIC_API_KEY, OPENAI_API_KEY). These are then passed to the externalonecliutility. - [CREDENTIALS_UNSAFE]: Sensitive credentials harvested from the environment are passed as plain-text command-line arguments (
--value <key>) to theonecli secrets createcommand. This exposes API keys to local process monitoring tools, system logs, and shell command history. - [COMMAND_EXECUTION]: The skill executes service management commands (
launchctlon macOS andsystemctlon Linux) to restart background processes after the configuration is modified.
Recommendations
- AI detected serious security threats
Audit Metadata