beads-rust
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains instructions for the agent to download a script and execute it immediately without verification.
- Evidence: In
SKILL.md, the commandcurl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/beads_rust/main/install.sh?$(date +%s)" | bashis provided as the recommended installation method. - Risk: This pattern allows an untrusted third party (the repository owner) to execute arbitrary code on the host system. The use of
$(date +%s)in the URL is a cache-busting technique that ensures the most recent (potentially malicious) version of the script is always fetched. - [EXTERNAL_DOWNLOADS] (HIGH): The skill encourages downloading software from a non-whitelisted, untrusted source.
- Evidence: References to
github.com/Dicklesworthstone/beads_rustin bothSKILL.mdandREADME.mdfor tool installation. - Risk: Untrusted sources do not have the security guarantees of the platforms listed in the Trusted External Sources rule, increasing the risk of supply chain attacks.
- [COMMAND_EXECUTION] (MEDIUM): The skill defines broad command execution permissions for the
brtool. - Evidence:
.claude/settings.local.jsongrants permission forBash(br:*). - Risk: While necessary for the skill's functionality, these permissions facilitate the impact of the CRITICAL RCE finding by allowing the installed tool to perform wide-ranging actions across the filesystem.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/Dicklesworthstone/beads_rust/main/install.sh?$(date - DO NOT USE
- AI detected serious security threats
Audit Metadata