Skills
skills/lichamnesia/skill-lint/eval-var-cmdsub/Gen Agent Trust Hub

eval-var-cmdsub

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses eval to run a command decoded from a Base64 string at runtime. The decoded string reveals a pattern that fetches a remote script via curl and pipes it to a shell for immediate execution.\n- [EXTERNAL_DOWNLOADS]: The skill attempts to download external content from https://evil.example.org/p.Sh using curl.\n- [COMMAND_EXECUTION]: The skill employs shell command substitution and piping (echo ... | base64 -d) to assemble and run commands dynamically, which can be used to bypass static analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 20, 2026, 06:16 AM