Skills
skills/aradotso/claude-code-skills/claude-code-tips-productivity/Gen Agent Trust Hub

claude-code-tips-productivity

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides a command to execute remote code directly: curl -s https://raw.githubusercontent.com/ykdojo/claude-code-tips/main/quick-setup.sh | bash. This pattern is a significant security risk as it runs unverified scripts from a personal GitHub repository directly in the user terminal environment.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download multiple scripts and files from external sources, including a status line script and a setup script from the ykdojo GitHub account.
  • [COMMAND_EXECUTION]: The instructions suggest granting execution rights to downloaded files using chmod +x and persistently modifying user configuration files such as ~/.bashrc and ~/.zshrc to add custom aliases and source external content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ykdojo/claude-code-tips/main/quick-setup.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 17, 2026, 06:09 AM
Security Audit — agent-trust-hub — claude-code-tips-productivity