Skills
NYC
skills/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations/csctf/Gen Agent Trust Hub

csctf

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): The skill implements a piped-to-shell execution pattern that downloads a script from a remote URL and executes it immediately.\n
  • Evidence: Detection of curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/chat_shared_conversation_to_file/main/install.sh | bash.\n
  • Risk: This allows an external author to execute any command on the user's system. The script content can be modified at source at any time without user notification or review.\n- External Downloads (HIGH): The skill fetches executable content from a source that is not part of the verified trusted organizations list.\n
  • Evidence: Source Dicklesworthstone/chat_shared_conversation_to_file is an unverified GitHub repository.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/chat_shared_conversation_to_file/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:49 PM