gateway-setup
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides a 'curl-first' setup command that pipes a script from the author's domain (joelclaw.com) directly into bash. While this is a vendor-owned resource, the pattern bypasses integrity validation and standard package management safety.\n- [COMMAND_EXECUTION]: The skill instructs the agent to create and load a launchd configuration file in '~/Library/LaunchAgents/', enabling the agent to maintain persistence across system reboots and sessions. It also utilizes tmux for background process management.\n- [EXTERNAL_DOWNLOADS]: The extension setup instructions require downloading and installing Node.js packages such as 'ioredis' and '@ioredis/commands' from external registries using npm or bun.
Audit Metadata