download-anything

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several shell scripts in the scripts/ directory that execute command-line tools for downloading media, images, and torrents.
  • scripts/install-toolkit.sh uses sudo to install system packages (aria2, wget, ffmpeg, jq) on Linux systems via apt or dnf.
  • scripts/dl-video.sh executes yt-dlp with the --cookies-from-browser flag to access local browser cookies for site-specific authentication (e.g., Bilibili).
  • [REMOTE_CODE_EXECUTION]: Documentation in references/software.md provides standard installation commands for package managers that involve downloading and executing remote scripts.
  • Instructions for Homebrew use a shell pipe from raw.githubusercontent.com (a well-known repository service).
  • Instructions for Chocolatey use a PowerShell iex command to execute a script from chocolatey.org (a well-known service).
  • [EXTERNAL_DOWNLOADS]: The skill's primary function is to facilitate downloads from a vast array of external sources.
  • It provides directories and search techniques for numerous external domains, including official repositories, shadow libraries, and cloud drive search engines.
  • It automates the installation of several third-party CLI tools from official package registries (Homebrew, PyPI, and npm).
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 09:23 AM
Security Audit — agent-trust-hub — download-anything