revx-auth
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install a global NPM package named
cli-k9x2a. This package name does not align with the vendor's known naming conventions (e.g., 'revolut-engineering-*') nor with the command name it supposedly provides. - [COMMAND_EXECUTION]: The instructions encourage users to execute the
revxcommand after installing thecli-k9x2apackage. Running a global binary from an unverified package with a mismatched name poses a risk of executing arbitrary or malicious code on the user's system.
Audit Metadata