rlm-project-assistant
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Rust toolchain from the well-known rustup.rs domain and installs Visual Studio Build Tools via the Windows Package Manager (winget). These are official and well-known sources.
- [REMOTE_CODE_EXECUTION]: Clones, builds, and runs source code from the unverified repository at https://github.com/softwarewrighter/rlm-project.git. Running and building unvetted third-party code on a host system poses a significant security risk if the repository is compromised.
- [COMMAND_EXECUTION]: Provides instructions to execute system-level commands, including modifying the PATH environment variable and running locally compiled binaries like rlm-server.exe.
- [REMOTE_CODE_EXECUTION]: Utilizes the curl-to-shell pipe pattern (curl | sh) to install the Rust toolchain from https://sh.rustup.rs. While this is the official installation method for Rust, it remains a sensitive operation that executes remote scripts directly.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
Audit Metadata