Skills
skills/aradotso/claude-code-skills/awesome-claude-code-subagents/Gen Agent Trust Hub

awesome-claude-code-subagents

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to download and execute a shell script (install-agents.sh) from an unverified GitHub repository (VoltAgent). This method of installation is highly risky as the script content is not checked before execution.\n- [EXTERNAL_DOWNLOADS]: The skill provides numerous commands to download agent configurations from an external, untrusted source (raw.githubusercontent.com/VoltAgent). These configurations influence the agent's behavior and have not been vetted for security.\n- [COMMAND_EXECUTION]: Several examples of dynamic shell scripts are provided (auto-install-agents.sh, update-agents.sh) that use curl to fetch and write content to the local filesystem, including sensitive directories like ~/.claude/agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 09:48 PM
Security Audit — agent-trust-hub — awesome-claude-code-subagents