qoder-wiki
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation file 'docs/支持/MCP常见问题.md' contains commands for downloading and executing scripts from the internet to install tools. Examples include 'curl -LsSf https://astral.sh/uv/install.sh | sh' and a similar PowerShell command using 'iex'. An agent with terminal access might attempt to run these commands to fix environment errors it encounters during operation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple files ('docs/拓展能力/MCP.md', 'docs/拓展能力/Skills.md') provide examples of using 'npx' to download and run packages from remote registries at runtime. This practice introduces risk if the packages or registries are compromised.
- [COMMAND_EXECUTION] (LOW): The documentation contains various terminal commands for configuration and connectivity testing, such as using 'curl' to ping 'api1.qoder.sh' as described in 'docs/支持/FAQ.md'.
Audit Metadata