setup-mac-dev

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo softwareupdate to bypass GUI prompts and install system-level Xcode Command Line Tools.
  • [REMOTE_CODE_EXECUTION]: Executes the Homebrew installation script directly from GitHub's infrastructure using curl | /bin/bash.
  • [REMOTE_CODE_EXECUTION]: Fetches and pipes a shell script from astral.sh to install the uv tool.
  • [EXTERNAL_DOWNLOADS]: Downloads Node.js binaries from the official nodejs.org distribution servers.
  • [EXTERNAL_DOWNLOADS]: Downloads external repository data as zipballs from the GitHub API when git cloning is unavailable.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 05:51 AM