auto-claude-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (HIGH): The skill instructs the agent to download and execute scripts directly from external URLs without verification or integrity checks.
  - Evidence: `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash` in WSL2 setup.
  - Evidence: `curl -fsSL https://deb.nodesource.com/setup_24.x | sudo -E bash -` in Linux setup.
  - Evidence: `/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"` in macOS setup.
- [Privilege Escalation] (HIGH): Several instructions require the use of `sudo`, which grants the setup process full administrative access to the system.
  - Evidence: `sudo apt install -y nodejs` and subsequent piping of remote scripts to `sudo bash`.
- [External Downloads] (HIGH): The skill clones and runs code from a third-party GitHub repository ('AndyMik90/Auto-Claude') that is not on the trusted organizations list.
  - Evidence: `git clone https://github.com/AndyMik90/Auto-Claude.git` followed by `npm run install:all`.
- [Indirect Prompt Injection] (LOW): The skill serves as a gateway to external data (README, guides, and repositories) that could contain malicious instructions processed by the agent during installation.
  - Ingestion points: `SKILL.md` (instructions), `AndyMik90/Auto-Claude` (cloned repository content).
  - Boundary markers: Absent; no clear separation between instructions and data-driven commands.
  - Capability inventory: Full shell execution, privilege escalation via sudo, network access (curl/git), and file system modification.
  - Sanitization: None; commands are executed as provided in the markdown guide.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata