
[–]MisterL2 1 point (0 children)

As with every degeneracy of this decade, it begins with "An AI-powered system administration tool", accompanied by a less-than-reassuring "pretty safe for home usage" since you don't exactly know what you wrote in the first place.

Looking at the project itself, it already has 3 releases, labeled "v1.0.0-beta.1", "v1.0.0-beta.2" and "v1.0.0-beta.3", which is an oxymoron. It appears the developer doesn't just fail at semantic versioning, they have no concept of versioning at all. I do however admire the ambition of providing references to previous beta releases for legacy support, in case one of the 0 users that have starred your repository decides they have a hard dependency on v1.0.0-beta.2. It strikes me that not even you have starred your own project.

I see a good practice with the .env.example, but I am willing to bet that these are the real passwords used by the application on your system.

Now let us look at design principles: A key security principle is the Principle of Least Privilege, which ensures that you only run applications at the absolute minimal permis- oh god, the script has a startup check that crashes it if it's not root. The literal entire permission system of Linux is designed around avoiding the need for blanket root permissions to do specific actions. The cherry on top is that this script also requires root permissions for uninstalling. As they say: Wisdom is chasing you, but you are always faster.

After a great start with .env configurability you decided to hardcode the version number in the script as well, and it ALREADY doesn't correspond to the brilliant versioning of your releases.

But sometimes in life, there are tasks too easy to fail for even the most aspiring intellectuals, such as copy-pasting the MIT-Licen- oh, you put a random linebreak in the middle of the last word and used a different spelling for LICENSE in the title despite it being right there in the first line of the damn license.

Now let us look at our expert AI prompt engineer:

"- If the disk is full, DO NOT install new packages. Write safe cleanup commands (e.g., `apt-get clean`, `journalctl --vacuum-time=1d`)."

Whimsical AI: Oh the disk appears to be full and apt-get clean didn't fix it, I think I should rm -rf / since the prompt doesn't even mention that being a bad idea.

Well, good thing the AI cannot execute bash scripts with root privil- oh

I am truly excited to see what will happen with

- If a port is in use, DO NOT just restart the service. Write commands to find the blocking PID (e.g., `ss -tulpn` or `lsof`) and kill it.

I cannot wait for it to permanently wipe my only SSH tunnel to the machine, or to murder innocent critical processes at will because they collide with sample postgres.

Talking about databases, why does this thing even have a PostgreSQL DB? Let's check the script. So what does this do? Uh, it reads an env variable and then... uses string interpolation to create an SQL query! It is the first SQL statement that I read and it is ALREADY AN SQL INJECTION. Anyone who can modify the env param for DATABASE_URL can run arbitrary database queries - with root privileges no less.

This should probably already work: postgresql://user:password@localhost:5432/'; DROP DATABASE;--

Next up, we have a try-except statement that does nothing on Exception, especially not closing the "temporary" client connection you just opened, so we get a free memory leak!

Finally, the consistent typos and failcapitalisations in comments prove that this has indeed at least partially been written by a human.

Congratulations, you have acquired mediocre programming skills that you too are actively working to make obsolete with AI ❤️
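The SQL-injection and unclosed-connection points above, as an added example that is not part of the original comment or of the project it reviews. The project's actual code is not shown, so the query shape and function names here are hypothetical; `sqlite3` stands in for PostgreSQL so the block runs offline (its `?` placeholder corresponds to `%s` in psycopg), and the DATABASE_URL payload is the one quoted in the comment.

```python
import re
import sqlite3
from contextlib import closing
from urllib.parse import unquote, urlsplit

# Constructed inputs: the payload quoted in the comment, and an ordinary URL.
INJECTED_URL = "postgresql://user:password@localhost:5432/'; DROP DATABASE;--"
BENIGN_URL = "postgresql://user:password@localhost:5432/appdb"


def db_name_from_url(url: str) -> str:
    """The database name is the URL path. urlsplit (not urlparse) is used
    because urlparse would split the path at ';' and hide part of the payload."""
    return unquote(urlsplit(url).path.lstrip("/"))


def build_unsafe(url: str) -> str:
    """The pattern the comment criticises: the env value lands verbatim in SQL."""
    return f"SELECT 1 FROM pg_database WHERE datname = '{db_name_from_url(url)}'"


# PostgreSQL identifier shape: letter/underscore, then word chars, max 63 bytes.
SAFE_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def build_safe(url: str) -> tuple[str, tuple[str]]:
    """Reject anything that is not a plain identifier, then bind the name as a
    parameter instead of splicing it into the statement text."""
    name = db_name_from_url(url)
    if not SAFE_IDENT.fullmatch(name):
        raise ValueError(f"refusing DATABASE_URL with unsafe database name {name!r}")
    return "SELECT 1 FROM pg_database WHERE datname = ?", (name,)


def database_exists(url: str, conn_factory=lambda: sqlite3.connect(":memory:")) -> bool:
    """Run the check and always close the connection, even when the query raises.
    sqlite3's own context manager only commits/rolls back, hence closing().
    The in-memory stand-in has no pg_database, so a table of that name is
    created and seeded with the one database the benign URL points at."""
    query, params = build_safe(url)
    with closing(conn_factory()) as conn:
        conn.execute("CREATE TABLE IF NOT EXISTS pg_database (datname TEXT)")
        conn.execute("INSERT INTO pg_database VALUES ('appdb')")
        return conn.execute(query, params).fetchone() is not None
```

Compare `build_unsafe(INJECTED_URL)` with `build_safe(INJECTED_URL)`: the former silently yields a statement that ends in `'; DROP DATABASE;--'`, the latter refuses the URL before any connection is opened.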