secure-vps-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill guides users to download and execute scripts directly from the internet using the dangerous 'curl | sh' pattern. This occurs in SKILL.md for Tailscale, Docker, and Crowdsec installation. Although these are recognized tools, the pattern itself is high-risk as it executes remote code without prior verification. The severity is adjusted to HIGH (from CRITICAL) because this is a core part of the skill's intended purpose for VPS setup. \n- [COMMAND_EXECUTION] (MEDIUM): The skill provides instructions for the user to execute high-privilege administrative tasks, including modifying /etc/ssh/sshd_config and /etc/sysctl.d/99-security.conf, and managing the UFW firewall. This is expected behavior for a server hardening guide but involves significant system impact. \n- [EXTERNAL_DOWNLOADS] (LOW): The skill downloads resources from external domains (tailscale.com, get.docker.com, install.crowdsec.net) that are not on the predefined list of trusted GitHub sources.
Recommendations
- HIGH: Downloads and executes remote code from: https://tailscale.com/install.sh, https://get.docker.com - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata