Skills
skills/teachingai/full-stack-skills/nvm-misc/Gen Agent Trust Hub

nvm-misc

Fail

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions in SKILL.md and examples/ansible.md to download a shell script from a remote URL and pipe it directly to bash. This pattern executes external code without prior validation. Evidence: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash in SKILL.md and curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash in examples/ansible.md.
  • [COMMAND_EXECUTION]: The skill provides commands for running npm install and npm test in examples/tests.md. These commands can trigger the execution of arbitrary code defined in the target project's build or test scripts.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to raw.githubusercontent.com to fetch installation scripts and documentation references.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 6, 2026, 10:50 AM