claude-code-sdk
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): Detected a piped remote execution pattern where
curl -fsSL https://deb.nodesource.com/setup_20.xis piped directly tobash. This pattern is highly dangerous as it executes remote code without any verification or local inspection. - External Downloads (HIGH): The script is downloaded from
deb.nodesource.com, which is not included in the list of trusted repositories or organizations, maintaining the risk associated with unverified external content. - Command Execution (HIGH): The skill initiates the
bashinterpreter to process external data, which can lead to unauthorized system-level changes or full compromise.
Recommendations
- HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_20.x - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata