remix-cli
Fail
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the Remix CLI by piping a remote script directly to bash:
curl -fsSL https://remix.gg/install.sh | bash. This is a high-risk pattern that executes arbitrary remote code without integrity verification. - [DATA_EXFILTRATION]: The skill documentation identifies the exact locations of sensitive user data, including credentials in
~/.config/remix/credentials.jsonand project configuration in.remix-cli.json. Identifying these paths increases the risk of targeted data exposure or harvesting. - [COMMAND_EXECUTION]: The skill relies on the execution of terminal commands via the
remixCLI tool to perform authentication, game management, and configuration tasks, which involves direct interaction with the host shell and file system.
Recommendations
- HIGH: Downloads and executes remote code from: https://remix.gg/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata