numerai-model-upload
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill uses the pattern `curl -sL https://numer.ai/install-mcp.sh | bash` to execute a remote script. This is a high-risk operation that allows an external server to run arbitrary commands on the local system without any integrity verification (no checksum or signature check) or sandboxing.
- External Downloads (HIGH): The script is fetched from numer.ai, which is not on the list of trusted external sources. This exposes the system to potential supply chain attacks if the remote server or script is compromised.
- Command Execution (HIGH): Piping the download directly into bash runs the script with the same privileges as the agent, so a malicious or tampered script could fully compromise the system.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://numer.ai/install-mcp.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata