strapi-expert

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file repeatedly directs users to download a ZIP archive from an untrusted third-party GitHub repository (MKShahzad77/claude-skill-strapi-expert) which is unaffiliated with the claimed author (meilisearch). Evidence: https://github.com/MKShahzad77/claude-skill-strapi-expert/raw/refs/heads/main/commodatum/skill-claude-expert-strapi-1.0.zip
  • [COMMAND_EXECUTION]: The documentation provides explicit instructions for users to run executable binaries on their host machines, including .exe for Windows and .dmg for macOS, which is outside the scope of a standard AI agent skill and poses a significant security risk. Evidence: "Double-click the .exe file to start the installation."
  • [EXTERNAL_DOWNLOADS]: The skill exhibits deceptive metadata and conflicting ownership information. While the provided context identifies the author as meilisearch, the README and CONTRIBUTING files reference unrelated GitHub accounts (MKShahzad77 and ayhid), indicating a potential impersonation or supply chain attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 01:29 PM