xurl
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill executes a remote script via the command
curl -fsSL https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh | bash. This is a high-risk pattern that executes unverified code from the internet directly in the shell. Since the GitHub organization 'xdevplatform' is not a trusted source, this is classified as critical. - External Downloads (HIGH): The skill attempts to fetch and run content from an external source that is not verified or part of a trusted repository list.
- Command Execution (HIGH): The use of piped bash commands bypasses standard package management safety and allows for immediate, potentially malicious system-level changes.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/xdevplatform/xurl/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata