Skills
skills/nomadamas/k-skill/k-skill-setup/Gen Agent Trust Hub

k-skill-setup

Fail

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo apt-get install to install system packages on Linux, which represents a privilege escalation vector.
  • [COMMAND_EXECUTION]: The skill establishes persistence by modifying crontab on Unix-like systems and using schtasks on Windows to run daily scripts.
  • [REMOTE_CODE_EXECUTION]: The skill schedules and executes remote code using npx --yes skills check and npx --yes skills update, which fetches and runs code directly from the npm registry.
  • [EXTERNAL_DOWNLOADS]: The skill initiates downloads of external software through system package managers including Homebrew, Winget, and Pacman.
  • [CREDENTIALS_UNSAFE]: The skill manages and accesses sensitive files containing cryptographic keys and environment secrets at ~/.config/k-skill/age/keys.txt and ~/.config/k-skill/secrets.env.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 31, 2026, 12:35 PM