brevix-stats
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH; REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user or agent to install a CLI tool by downloading a shell script and piping it directly into bash.
  - Evidence: `curl -fsSL https://raw.githubusercontent.com/Yash-Koladiya30/brevix/main/install.sh | bash` in SKILL.md.
  - This is a high-risk execution pattern that bypasses checksum verification and executes remote code with the current user's privileges.
- [COMMAND_EXECUTION]: The skill requires the execution of multiple shell commands to function.
  - Evidence: Commands include `brevix stats`, `brevix stats --reset`, and `pip install brevix` in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill relies on downloading software and installation scripts from external, non-whitelisted sources.
  - Evidence: Fetches the 'brevix' package via `pip` and an install script from a personal GitHub repository (Yash-Koladiya30/brevix).
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Yash-Koladiya30/brevix/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata