Is Zjianru/restart-guard safe?
https://github.com/Zjianru/restart-guard
This skill provides infrastructure restart capabilities with automatic execution triggered by natural language phrases, bypassing normal user consent mechanisms. While the functionality may be legitimate for system administration, the automatic trigger design and system-level privileges present significant risks.
Category Scores
Findings (4)
CRITICAL Automatic Execution Override -80 ▶
The SKILL.md explicitly instructs the agent to 'must auto-run, do not ask user for script commands' when restart-related phrases are detected. This bypasses normal user consent mechanisms and forces automatic execution of potentially dangerous restart operations.
HIGH System-Level Executable Scripts -40 ▶
The skill contains extensive Python scripts capable of system-level operations including process management, service restarts, file system operations, and network requests. These scripts can spawn guardian processes, trigger gateway restarts via HTTP/signals, and manage system locks.
MEDIUM Automatic Session Data Access -25 ▶
The skill automatically reads session keys, user context, and environment variables without explicit user consent. It also sends notifications to external services (Telegram, Discord, Slack, webhooks) which could leak system state information.
MEDIUM Infrastructure Restart Risk -60 ▶
The skill is designed to automatically restart critical gateway infrastructure based on natural language triggers, potentially causing unintended service disruptions, loss of active connections, or system instability if triggered accidentally or maliciously.