Skills
skills/yuyou-dev/dreamina-cli-skill/dreamina-cli/Gen Agent Trust Hub

dreamina-cli

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The README.md provides installation instructions using the command curl -fsSL https://jimeng.jianying.com/cli | bash. This executes a remote shell script from the official domain of a well-known service (Dreamina/Jianying, owned by ByteDance).
  • [COMMAND_EXECUTION]: The central logic in scripts/dreamina_wrapper.py uses the subprocess.run function to invoke the dreamina CLI binary. The command is executed as a list of strings, which is a secure practice to prevent shell injection. While the binary path is configurable via the --dreamina-bin argument, this is a standard design pattern for CLI wrappers.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the external dreamina CLI tool, which is downloaded during the setup process as documented in the README.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 03:55 PM