ai-tools

The module's design matches its purpose (detecting, installing, and updating AI CLI tools) but embodies notable supply-chain and runtime-execution risks. Main concerns: delegation-to-external skills/agents that may return arbitrary commands, lack of explicit validation or cryptographic verification for fetched installers/commands, and an automated --install mode that can perform changes without human review. These behaviors are not evidence of malware but raise a significant security risk in hostile or untrusted environments. Recommended mitigations before use in sensitive contexts: require explicit interactive confirmation for any commands returned by delegates (default deny for --install), restrict or audit delegated skills, pin or verify installer artifacts (checksums/signatures), implement an allowlist/denylist for permissible command patterns, and log+review all executed commands.