ubs

Pass

Audited by Gen Agent Trust Hub on Jun 4, 2026

Risk Level: SAFE
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: install.sh and the README.md instructions recommend a curl | bash install that fetches https://raw.githubusercontent.com/Dicklesworthstone/ultimate_bug_scanner/main/install.sh and executes it directly. Likewise, the ubs meta-runner lazily downloads language-specific scanning modules from the same GitHub repository at run time. Both are identified as the tool's legitimate distribution mechanisms. Note that the installer is fetched from the main branch rather than a tagged release, so the code executed is whatever that branch holds at install time.
  • [COMMAND_EXECUTION]: The tool relies heavily on shell command execution to orchestrate the scanners it wraps (ripgrep, ast-grep, jq, etc.) and to perform environment checks. Installation also edits shell configuration files (e.g., .bashrc, .zshrc) to add the tool to the user's PATH. The git_safety_guard.py script hooks into the command execution pipeline specifically to prevent destructive operations.
  • [CREDENTIALS_UNSAFE]: Several files under the test-suite/buggy and realistic directories contain hardcoded API keys and secrets (e.g., sk_live_abc123...). These are deliberate fixtures for the secret-detection checks the tool is designed to perform and are used only for regression testing; they do not represent a security risk in the context of the skill's operation.
  • [EXTERNAL_DOWNLOADS]: The meta-runner fetches helper assets (e.g., resource_lifecycle_py.py, type_narrowing_ts.js) from the project's remote repository. Each download is checked against a SHA-256 digest embedded in the main script, so an asset that differs from the pinned version fails verification rather than being used; this is the supply-chain integrity control for the lazily fetched components.
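The download-and-verify pattern described above for the lazily fetched assets, and the alternative it offers to the curl | bash install, as an added shell example. This is not ubs's own install.sh or meta-runner code: a SHA-256 digest is pinned by the caller, the download lands in a temporary file, and the file is moved into place (or executed) only after the digest matches. The URL and digest in the usage comment are placeholders; the self-check at the bottom uses a constructed local file with a well-known digest.

```shell
#!/bin/sh
# Added example (not ubs's install.sh or meta-runner code): pinned-digest
# download. The caller supplies the expected SHA-256; the file is kept only if
# the digest of what was actually downloaded matches it.
set -eu

# sha256_of FILE: print the hex digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED_HEX: exit 0 on match, 1 on mismatch.
verify_sha256() {
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# place_verified TMP EXPECTED_HEX DEST: keep the file only if its digest
# matches; a mismatch deletes it so a drifted or tampered asset never stays
# on disk.
place_verified() {
  if verify_sha256 "$1" "$2"; then
    mv "$1" "$3"
    return 0
  fi
  rm -f "$1"
  echo "sha256 mismatch, discarded: $3" >&2
  return 1
}

# fetch_verified URL EXPECTED_HEX DEST: the curl | sh replacement. Nothing is
# piped into a shell; the file reaches DEST only after place_verified succeeds.
fetch_verified() {
  tmp=$(mktemp)
  curl -fsSL "$1" -o "$tmp" || { rm -f "$tmp"; return 1; }
  place_verified "$tmp" "$2" "$3"
}

# Usage against a real asset (URL and digest are placeholders, not the project's):
#   fetch_verified https://example.invalid/install.sh <pinned-sha256-hex> ./install.sh \
#     && sh ./install.sh

# Offline self-check on a constructed file: "hello\n" has the digest below.
tmpdir=$(mktemp -d)
printf 'hello\n' > "$tmpdir/asset"
if verify_sha256 "$tmpdir/asset" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03; then
  echo "self-check: digest ok"
fi
rm -rf "$tmpdir"
```

The digest belongs next to the code that calls fetch_verified, as the audit describes for the meta-runner's embedded checksums; if it were fetched from the same unpinned location as the asset, an attacker who could change one could change both.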
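A command guard of the kind the COMMAND_EXECUTION finding attributes to git_safety_guard.py, as an added shell example. It is hypothetical and not the project's script: it inspects a command line before running it and refuses a short blocklist of git invocations that rewrite history or discard work. Which invocations are blocked is this example's choice, not something the audit specifies.

```shell
#!/bin/sh
# Added example (hypothetical, not the project's git_safety_guard.py): a
# pre-exec guard that refuses destructive git invocations. The blocklist below
# is this example's own choice.
set -eu

# is_destructive_git CMD [ARGS...]: exit 0 if CMD is a blocked git invocation.
is_destructive_git() {
  [ "$#" -ge 2 ] || return 1
  [ "$1" = "git" ] || return 1
  sub=$2
  shift 2
  case "$sub" in
    push)     for a in "$@"; do case "$a" in --force|-f|--force-with-lease*) return 0 ;; esac; done ;;
    reset)    for a in "$@"; do case "$a" in --hard) return 0 ;; esac; done ;;
    clean)    for a in "$@"; do case "$a" in -f*|-[!-]*f*|--force) return 0 ;; esac; done ;;
    branch)   for a in "$@"; do case "$a" in -D) return 0 ;; esac; done ;;
    checkout) for a in "$@"; do case "$a" in --) return 0 ;; esac; done ;;
  esac
  return 1
}

# git_guard CMD [ARGS...]: run the command unless it is on the blocklist.
# A refusal returns 77 and never executes the command.
git_guard() {
  if is_destructive_git "$@"; then
    echo "guard: refusing destructive git command: $*" >&2
    return 77
  fi
  "$@"
}

# Illustrative calls (the first is refused with exit 77, the second runs):
#   git_guard git push --force origin main
#   git_guard git status
```

The guard matches on the argument vector, not on a string the agent typed, so quoting tricks in the original command line do not reach it; the trade-off is that it sees nothing a `git alias` expands to.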
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 4, 2026, 03:12 AM
Security Audit — agent-trust-hub — ubs