Skills
NYC
skills/microck/ordinary-claude-skills/clinvar-database/Gen Agent Trust Hub

clinvar-database

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The file references/api_reference.md contains a command to download and execute a shell script directly from a remote server.
  • Evidence: sh -c "$(curl -fsSL ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh)".
  • Risk: This allows the remote server to execute arbitrary code on the user's system. The source ncbi.nlm.nih.gov is a legitimate institution but is not on the defined trusted source list for this analysis, and the execution pattern itself is inherently unsafe.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill documentation provides numerous examples of interacting with external APIs via curl.
  • Evidence: Examples target https://eutils.ncbi.nlm.nih.gov/entrez/eutils/ for data retrieval.
  • Context: While expected for a ClinVar skill, these represent external network dependencies.
  • [NO_CODE] (INFO): The provided skill package is incomplete as it consists entirely of reference documentation.
  • Evidence: There is no SKILL.md file, no executable scripts, and no configuration files. It is a set of instructions/guides rather than a functional AI agent skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 10:47 AM