Skills
skills/stakpak/community-paks/coolify-deployment/Gen Agent Trust Hub

coolify-deployment

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the user to execute a shell script directly from a remote URL (https://cdn.coollabs.io/coolify/install.sh) using the curl -fsSL ... | sudo bash pattern. This is a highly dangerous practice as it grants the remote script full root access to the system without prior verification of its contents or integrity.
  • [COMMAND_EXECUTION] (HIGH): The skill makes frequent use of sudo and performs remote command execution over SSH (e.g., ssh ... "sudo docker ps"). This pattern grants the agent broad administrative control over the target infrastructure, which can be exploited if the agent's instructions are compromised.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads and executes scripts from cdn.coollabs.io. Since this domain and its associated organization are not included in the 'Trusted External Sources' list, these dependencies are considered unverifiable and carry a higher risk profile than those from officially trusted repositories.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:49 PM