Skills
skills/pedronauck/skills/hetzner-server/Gen Agent Trust Hub

hetzner-server

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file contains a command example in the 'With user-data' section that uses curl -fsSL https://raw.githubusercontent.com/connorads/dotfiles/master/install.sh | bash. This fetches a shell script from an untrusted personal GitHub repository and executes it directly. When used as user-data during a Hetzner server creation (hcloud server create), this script runs with root privileges on the first boot of the new instance, allowing for arbitrary, unverified code execution from an external source.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/connorads/dotfiles/master/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 01:53 AM