ubs
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill's installation instructions use a 'curl | bash' pattern:
curl -sSL https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh | bash. - Evidence: The script is hosted in the
Dicklesworthstonerepository, which is not a trusted source according to security standards. - Risk: Piped remote execution is a high-risk vector as the content of the script can be changed at any time by the repository owner to include malicious commands such as credential theft or persistence mechanisms.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the agent/user to download and execute files from an unverified external source.
- Evidence: URL:
https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh. - [COMMAND_EXECUTION] (MEDIUM): The skill involves the execution of various CLI commands (
ubs,rg,ast-grep,jq) that interact with the local file system and source code. - Evidence: Commands like
ubs --stagedorubs .involve scanning the entire project directory, which could be exploited if the binary itself is malicious.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata