skills/akillness/jeo-skills/ohmg/Gen Agent Trust Hub

ohmg

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute a shell script directly from a remote URL (curl -fsSL https://raw.githubusercontent.com/first-fluke/oh-my-agent/main/cli/install.sh | bash). This method bypasses security checks and allows an external, untrusted source to execute arbitrary commands on the host machine.
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads scripts and packages from the first-fluke GitHub organization, which is not a recognized or trusted service.
  • [COMMAND_EXECUTION]: The instructions recommend using bun install --global oh-my-agent to install the software. Global installations affect the entire system and often require elevated privileges, which can lead to broader security issues if the package is malicious.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/first-fluke/oh-my-agent/main/cli/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 02:49 PM
Security Audit — agent-trust-hub — ohmg