NYC

nodejs-development

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • Remote Code Execution (CRITICAL): The skill uses a high-risk execution pattern to download and run a shell script. Evidence: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash. This pattern is considered critical as it executes remote content without local inspection, allowing for arbitrary code execution with the user's current privileges.
  • External Downloads (HIGH): The skill fetches resources from raw.githubusercontent.com under the nvm-sh organization. Per [TRUST-SCOPE-RULE], the source nvm-sh is not included in the predefined list of trusted GitHub organizations, making the remote execution pattern unverifiable and high-risk.
  • Command Execution (HIGH): The skill invokes system shell commands (bash) to process external input, which can be leveraged to modify system configuration or environment variables.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:21 PM