Back to skill

Security audit

s1cli

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Stage1st forum CLI helper, but users should review its account-login, posting, and credential-handling behavior before installing.

Install only if you intend to use Codex with a Stage1st account. Prefer the interactive login command instead of passing a password with -p, protect or remove ~/.config/s1cli/session.toml when finished, verify the external s1cli package source before installing, and require explicit approval before posting, replying, or checking in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation explicitly shows passing a username and password on the command line, which can leak credentials through shell history, process listings, audit logs, or telemetry. In a skill context, users may copy-paste this pattern directly, increasing the chance of accidental credential exposure on shared or monitored systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation explicitly recommends passing the password via the command line (`-p <password>`), which can expose credentials through shell history, process listings, audit logs, and terminal recording tools. In this skill context, users are likely to copy-paste the example directly, making accidental credential disclosure more likely rather than hypothetical.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.