uv-package-manager
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses a highly dangerous pattern (`curl | sh`) to execute a remote script from `https://astral.sh/uv/install.sh`. This allows the remote server to execute arbitrary commands on the user's system without any prior inspection or verification of the script content.
- External Downloads (HIGH): The skill downloads executable content from `astral.sh`, which is not listed in the defined 'Trusted External Sources' whitelist. Because the source is untrusted, the severity of the remote execution remains critical.
- Command Execution (HIGH): The use of shell piping for installation indicates the skill performs system-level modifications through unverified external scripts.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata