agentic-coding-flywheel-setup
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses the dangerous
curl | bashpattern to install software from an external GitHub repository (Dicklesworthstone/agentic_coding_flywheel_setup). This allows arbitrary code from a remote source to execute on the host system without verification. - [COMMAND_EXECUTION]: The 'Vibe mode' configuration explicitly sets up passwordless
sudoaccess for the user, which bypasses a fundamental operating system security control and allows the agent or any scripts it runs to execute administrative commands without authentication. - [COMMAND_EXECUTION]: The installation process modifies sensitive system configuration files to establish persistence and remote access, including appending code to shell profiles (
~/.zshrc) and potentially modifying SSHauthorized_keys. - [CREDENTIALS_UNSAFE]: The skill provides instructions to store highly sensitive AI provider API keys (Anthropic, OpenAI, Gemini) in plaintext within shell environment variables, which exposes them to any process or script running on the system.
- [EXTERNAL_DOWNLOADS]: The system fetches and executes numerous third-party installers from multiple external domains (e.g., bun.sh, rustup.rs) without providing integrity verification mechanisms like checksums within the skill context.
- [COMMAND_EXECUTION]: The skill architecture utilizes a 'manifest-driven design' that dynamically generates shell scripts at runtime and executes them, making the execution flow difficult to audit and verify.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Dicklesworthstone/agentic_coding_flywheel_setup/v0.7.0/install.sh, https://raw.githubusercontent.com/Dicklesworthstone/agentic_coding_flywheel_setup/main/install.sh?$(date - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata