setup-cairo-contracts
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the execution of a remote shell script via `curl | sh` from https://sh.starkup.sh. Piping remote scripts directly to a shell executes unverified code from an external source, potentially leading to full system compromise.
- [EXTERNAL_DOWNLOADS]: The skill downloads installation tools from starkup.sh, a third-party domain not included in the trusted vendor or well-known service lists, making the source's integrity unverifiable.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands like `scarb new` to scaffold projects and manage dependencies, which involves file system writes and environment configuration.
Recommendations
- HIGH: Downloads and executes remote code from https://sh.starkup.sh. DO NOT USE without thorough review.
Audit Metadata