NYC

ntm

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses the 'curl | bash' pattern to download and immediately execute a script from a remote URL. This is a severe security risk as the content of the script is not pinned to a specific version and could be modified by the author or an attacker to execute malicious commands.
  • Evidence: 'curl -fsSL https://raw.githubusercontent.com/Dicklesworthstone/ntm/main/install.sh | bash'
  • External Downloads (HIGH): The skill attempts to fetch resources from a GitHub repository ('Dicklesworthstone/ntm') that is not on the list of trusted external sources. There is no verification of the integrity or safety of the content being downloaded.
  • Command Execution (HIGH): Executing shell scripts directly from the web bypasses standard package management and security audits, potentially leading to full system compromise.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/ntm/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 05:42 PM