uv-python-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the agent to perform piped remote execution, which downloads and runs a script from the internet without verification. This is a primary attack vector for system compromise.
    • Evidence (Unix/macOS): SKILL.md contains curl -LsSf https://astral.sh/uv/install.sh | sh.
    • Evidence (Windows): SKILL.md contains powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex".
  • [COMMAND_EXECUTION] (HIGH): The skill provides numerous commands for package management and environment manipulation that involve arbitrary command execution on the host system.
    • Evidence: Commands such as uv run, uv pip install, and uv venv are documented as core capabilities across multiple files.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is designed to download binaries and packages from external, non-whitelisted sources during installation and operation.
    • Evidence: Connections to astral.sh for installation and PyPI for package management.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:35 PM