eightctl

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's metadata contains configuration to fetch and build a Go module directly from a remote source (github.com/steipete/eightctl/cmd/eightctl@latest). This involves downloading and executing external code on the local environment.
  • [EXTERNAL_DOWNLOADS]: The skill depends on an external binary that is not pre-packaged with the skill, requiring it to be pulled from a third-party developer's repository during installation.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to run the eightctl CLI tool with various system-impacting flags (e.g., status, on/off, temp, alarm), allowing the agent to spawn local processes and interact with network APIs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — eightctl