nvm
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (CRITICAL): The skill documentation (specifically
examples/install-update-script.md) directs the agent to perform piped remote execution, commonlycurl ... | bash. This pattern allows an untrusted remote source to execute arbitrary code with the user's current shell permissions. - [Persistence Mechanisms] (HIGH): The skill manages shell integration (
examples/shell-integration.md) and persists custom settings in shell profiles (examples/colors-persist.md). This involves modifying files like~/.bashrc,~/.zshrc, and~/.profile, which are primary vectors for maintaining persistent access to a system. - [Indirect Prompt Injection] (HIGH): The skill processes external
.nvmrcfiles (examples/nvmrc.md). - Ingestion points: Reading
.nvmrcfiles from user-controlled or project-specific directories. - Boundary markers: None identified in the skill metadata.
- Capability inventory: Executing shell commands, switching Node.js versions, and managing global packages.
- Sanitization: No evidence of sanitization for the contents of
.nvmrcbefore processing. - [Data Exposure & Exfiltration] (MEDIUM): The skill handles authentication headers for custom mirrors (
examples/mirror-auth-header.md). If an attacker influences the mirror URL via an environment variable or configuration file, sensitive credentials/tokens could be exfiltrated to a malicious server. - [Privilege Escalation] (MEDIUM): While
nvmgenerally installs to a user's home directory, the troubleshooting and Alpine install guides (examples/alpine-install.md,examples/troubleshooting-linux.md) often involve commands that may require elevated privileges or modify system-level paths.
Recommendations
- AI detected serious security threats
Audit Metadata