Skills
skills/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations/ntm/Gen Agent Trust Hub

ntm

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends an installation method using curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/ntm/main/install.sh | bash. This pattern executes a remote script directly from the author's GitHub repository in the user's shell environment.
  • [COMMAND_EXECUTION]: The skill setup involves modifying the user's ~/.zshrc file to include eval "$(ntm init zsh)". This allows the tool to execute dynamically generated shell code every time a new terminal session is opened, creating a persistence mechanism for command execution.
  • [PROMPT_INJECTION]: The configuration examples in the documentation instruct users to run AI agents with safety-disabling flags such as --dangerously-skip-permissions, --dangerously-bypass-approvals-and-sandbox, and --yolo. These instructions specifically bypass the built-in security constraints and human-in-the-loop approval processes of the underlying AI models (Claude, Codex, and Gemini).
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/ntm/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 04:43 PM