device-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Remote Code Execution (CRITICAL): The skill utilizes the pattern
curl -Ls "https://get.maestro.mobile.dev" | bash. This method of piping remote content directly to a shell is a critical security vulnerability that allows unverified code to run with the user's privileges. - Malicious URL Detection (CRITICAL): Security scanners have identified the domain
get.maestro.mobile.devas being associated with botnet activity. Executing code from a source flagged as malicious is a high-confidence indicator of compromise. - Unverifiable Source (HIGH): The source domain is not within the trusted repository or organization lists, and the skill owner 'anton-abyzov' is an untrusted third party, increasing the risk of supply chain attack.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.maestro.mobile.dev - DO NOT USE
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata