nak

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION

Full Analysis

Unverifiable Dependencies & Remote Code Execution (CRITICAL): The skill utilizes a highly dangerous pattern by piping a remote script to the shell: curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh. The source repository 'fiatjaf/nak' is not within the defined trust scope. Executing unverified code from the internet bypasses security controls and can lead to a complete compromise of the agent's environment.

Recommendations

CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh - DO NOT USE
AI detected serious security threats

Audit Metadata

Risk Level

CRITICAL

Analyzed

Feb 16, 2026, 01:02 AM