Skills
skills/wgpsec/aboutsecurity/ccupp-password-profiler/Gen Agent Trust Hub

ccupp-password-profiler

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads source code from a third-party GitHub repository (github.com/WangYihang/ccupp.git). This repository is not maintained by the skill author or a recognized trusted organization.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands to install the tool using 'f8x', 'git clone', and 'pipx install', as well as operational commands like 'ccupp generate'. These commands allow for the execution of external binaries and scripts on the local system.
  • [COMMAND_EXECUTION]: The skill encourages users to store sensitive personal information such as identity numbers, phone numbers, and birthdates in a local 'config.yaml' file to serve as input for the password generation process.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 22, 2026, 10:07 AM