Skills
skills/openclaw/skills/pitch-deck-visuals/Gen Agent Trust Hub

pitch-deck-visuals

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill uses a piped shell command (curl | sh) to execute code from a remote URL. This is a severe vulnerability as the script content is not verified and can be modified by the host at any time. Evidence: curl -fsSL https://cli.inference.sh | sh.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads resources from cli.inference.sh, which is not on the list of trusted external sources.
  • [COMMAND_EXECUTION] (HIGH): The skill executes arbitrary shell commands through the piped download, bypassing security sandboxing and package verification.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 18, 2026, 02:21 PM