dioxus-guide
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to execute `curl -sSL http://dioxus.dev/install.sh | sh` to install the Dioxus CLI. Piped shell scripts from remote URLs are a high-risk pattern as they allow arbitrary code execution without local inspection. The source `dioxus.dev` is not on the trusted organizations list, increasing the risk of supply chain compromise.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an external setup script hosted on a non-HTTPS URL (`http://dioxus.dev/install.sh`). The lack of encryption for the download path makes the installation vulnerable to man-in-the-middle (MITM) attacks.
- [COMMAND_EXECUTION] (LOW): The skill provides documentation for several CLI commands (`dx serve`, `dx build`, `dx bundle`). While these are standard for the tool's purpose, they perform broad operations on the local filesystem and network.
Recommendations
- HIGH: Downloads and executes remote code from: http://dioxus.dev/install.sh - DO NOT USE without thorough review
Audit Metadata