bk-cli-nodeman

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the bk-cli nodeman command-line utility to perform administrative actions such as installing agents and fetching job details.
  • [CREDENTIALS_UNSAFE]: The install_job command pattern involves passing a JSON object containing a password field as a command-line argument. This is a potential security risk as sensitive credentials may be visible in process listings or shell history during execution.
  • [PROMPT_INJECTION]: The skill uses the 'CRITICAL' keyword to emphasize documentation dependencies ('MUST 先用 Read 工具读取'). This is evaluated as a benign instructional pattern for developer workflow and not a malicious bypass attempt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 07:52 AM
Security Audit — agent-trust-hub — bk-cli-nodeman