npm-git-install

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user or agent to install a package from an unknown third-party repository: https://github.com/JEO-tech-ai/supercode.git. This involves cloning and executing potentially arbitrary code during the npm 'prepare' or install lifecycle.
  • [COMMAND_EXECUTION]: Provides instructions for privilege escalation using sudo to change ownership of system directories (/usr/local/lib/node_modules) and install system packages via apt-get.
  • [COMMAND_EXECUTION]: Includes commands to modify the user's shell profile (~/.bashrc) to alter the PATH environment variable, which can be used as a persistence mechanism.
  • [CREDENTIALS_UNSAFE]: Encourages the use of Personal Access Tokens (PAT) in URLs for authentication (https://<token>@github.com/...), which can lead to credentials being stored in shell history or log files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 12:43 PM