agentic-coding-flywheel-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains repeated examples that embed API keys directly into commands and shell files (e.g., echo 'export ANTHROPIC_API_KEY="sk-ant-..."' >> ~/.zshrc and export OPENAI_API_KEY="sk-..."), which would require an agent that fills in real keys to include secret values verbatim in its outputs or generated commands.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). High risk — the skill instructs multiple direct "curl | bash" installs and references raw .sh scripts hosted on a personal/unknown GitHub account and other non-official domains (plus unknown sites like agent-flywheel.com and ara.so), requests dangerous options (passwordless sudo, system-wide installs), and thus these URLs could deliver arbitrary/malicious code.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.85). The skill deliberately enables high-risk behaviors — one-line curl|bash installs, "vibe" mode that grants passwordless sudo and enables "dangerous" agent flags, manifest-driven arbitrary remote installers and auto-updates, and guidance to persist API keys/SSH keys — which together create clear supply‑chain, persistent backdoor, and remote code execution/exfiltration vectors even though no explicit exfiltration payload is shown.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime curl | bash commands that fetch and execute remote installer scripts (e.g., https://raw.githubusercontent.com/Dicklesworthstone/agentic_coding_flywheel_setup/main/install.sh and https://bun.sh/install), so external content is executed at runtime and required for installation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly installs system-wide tools via curl|bash, offers a "vibe mode" that enables passwordless sudo and "dangerous flags", and configures/restarts system services (systemctl), which directs the agent to obtain elevated privileges and modify system files and services.