mantis-react-admin
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones a repository from 'https://github.com/Eng0AI/mantis-react-admin-template.git'. This source is not part of the trusted GitHub organizations or repositories list, making the downloaded content unverifiable.
- [REMOTE_CODE_EXECUTION] (HIGH): Following the download, the skill executes 'yarn install', 'yarn build', and 'yarn start'. These commands execute scripts defined in the downloaded repository's package.json file, allowing for arbitrary code execution from an untrusted source.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs shell-level file manipulations, including 'rm -rf' and moving hidden files, and invokes deployment CLIs (Vercel/Netlify). While standard for development, when combined with untrusted downloads, these increase the attack surface.
- [CREDENTIALS_UNSAFE] (LOW): The deployment instructions utilize '$VERCEL_TOKEN'. While using environment variables is standard practice, an agent executing these commands might expose the token in logs or process lists if not carefully managed.
Recommendations
- AI detected serious security threats
Audit Metadata