consult-oracle

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/refresh_cookies.py executes the macOS security utility to retrieve the 'Chrome Safe Storage' password from the system Keychain to enable decryption of browser data.
  • [CREDENTIALS_UNSAFE]: Decrypted ChatGPT session cookies are saved in plaintext at ~/.oracle/cookies.json, making sensitive authentication tokens accessible to any local process.
  • [EXTERNAL_DOWNLOADS]: The scripts/run_oracle.py script uses npx -y to download and execute the @steipete/oracle package from the npm registry at runtime without prior local verification.
  • [REMOTE_CODE_EXECUTION]: The skill executes an unverified third-party npm package (@steipete/oracle) and passes it the user's decrypted session cookies, creating a risk of account compromise if the external package is malicious.
  • [DATA_EXFILTRATION]: The skill extracts browser session tokens and transmits them to https://chatgpt.com/api/auth/session for validation; while the destination is a well-known service, the automated handling of raw session tokens involves inherent risk.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 11, 2026, 05:59 PM