animejs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The installation instructions in README.md and the automated scanner report a 'one-liner' command:
curl -fsSL https://raw.githubusercontent.com/BowTiedSwan/animejs-skills/main/install.sh | bash. Pining a remote script from an untrusted GitHub account directly to a shell is a major security vulnerability that could lead to full system compromise. - EXTERNAL_DOWNLOADS (MEDIUM): The install.sh script uses curl to fetch additional markdown files from an untrusted repository at runtime. While these specific files appear to be documentation, the mechanism itself lacks integrity checks.
- COMMAND_EXECUTION (LOW): The installation script performs local environment modifications including directory creation (mkdir) and file writing via curl output redirection to the user's home directory.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/BowTiedSwan/animejs-skills/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata