dioxus-guide
Audited by Socket on Feb 21, 2026
1 alert found:
Malware
[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]

The file is legitimate documentation for the Dioxus UI framework with standard examples and APIs. It does not include evident malicious code in the examples. However, it contains a high-risk installation instruction: piping a remotely fetched script into sh over plain HTTP. This is a supply-chain vector that can lead to arbitrary code execution if followed, and should be corrected (use HTTPS, signature/checksum verification, package manager installs, or instruct users to inspect the script before running). No other malicious indicators are present in the provided content.

LLM verification: The SKILL.md is a benign developer guide; however, it contains a high-risk installation instruction: 'curl -sSL http://dioxus.dev/install.sh | sh'. Because the script is fetched over unencrypted HTTP, unpinned, and piped directly to sh, this constitutes a supply-chain and command-execution risk. The rest of the examples are typical and non-malicious. Recommend removing or replacing the command with a secure installation procedure (HTTPS, pinned checksums/signatures, package manager instructions,