maestro-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the user or agent to run
curl -Ls "https://get.maestro.mobile.dev" | bashin both the 'Installation' and 'CI/CD Integration' sections. This method of piped remote execution provides no opportunity for code review or integrity verification before execution. - [EXTERNAL_DOWNLOADS] (CRITICAL): The download source
get.maestro.mobile.devis not within the trusted scope for AI agent skills. Additionally, automated scanners have flagged this specific URL as a malicious botnet command-and-control or distribution point. - [COMMAND_EXECUTION] (HIGH): The skill encourages the execution of the
maestrobinary and related shell commands which are obtained through an unverified and potentially compromised delivery mechanism.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.maestro.mobile.dev - DO NOT USE
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata