nixomatic

[Skill Scanner] Social engineering lure: skill claims external tool is required and directs to URL for setup All findings: [CRITICAL] supply_chain: Social engineering lure: skill claims external tool is required and directs to URL for setup (SC008) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The module itself is not overtly malicious: it reasonably detects project requirements, composes a nixomatic flake URL, runs nix/docker commands, and updates README.md. However, it instructs agents to fetch and execute flakes from a third-party service (nixomatic.com) and to mount the project into containers, which constitutes a high-value supply-chain attack surface. Recommend these mitigations before trusting or running generated flakes: prefer local flake.nix when available, pin or verify flake content (checksums/signatures), avoid mounting sensitive workspaces or restrict mounts, run flake evaluation in an isolated ephemeral environment first, and require human review of generated flake content for untrusted domains. Follow the 'do not read secrets' rule but implement technical controls where possible (explicit file path whitelists/blacklists, read-only mounts). LLM verification: This skill is functionally coherent with its described purpose: detecting project tooling, constructing a nixomatic.com URL, running commands inside a nix develop (or Docker-wrapped nix) environment, and updating README.md. However, it embodies several supply-chain and privilege-exposure risks: it depends on executing remote flakes from a third-party service (download-and-execute pattern), mounts the entire project into containers (exposing potential secrets), and performs automatic writes to RE