hetzner-codex-remote
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts and configuration files from well-known services, including Tailscale's official site and the NVM project on GitHub.
- [REMOTE_CODE_EXECUTION]: Executes the Tailscale installation script on the remote server via a piped shell command.
- [COMMAND_EXECUTION]: Performs extensive system-level configuration on the remote VPS, including creating a dedicated user, managing firewall rules with UFW, and hardening the SSH daemon configuration.
- [DATA_EXFILTRATION]: Accesses the local SSH public key and GitHub authentication tokens to enable access on the remote machine. These operations are performed as part of the intended setup workflow and use secure methods (such as piping directly to SSH) to avoid exposing sensitive data in the interaction history.
Audit Metadata