download-anything
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several shell scripts in the
scripts/directory that execute command-line tools for downloading media, images, and torrents. scripts/install-toolkit.shusessudoto install system packages (aria2,wget,ffmpeg,jq) on Linux systems viaaptordnf.scripts/dl-video.shexecutesyt-dlpwith the--cookies-from-browserflag to access local browser cookies for site-specific authentication (e.g., Bilibili).- [REMOTE_CODE_EXECUTION]: Documentation in
references/software.mdprovides standard installation commands for package managers that involve downloading and executing remote scripts. - Instructions for Homebrew use a shell pipe from
raw.githubusercontent.com(a well-known repository service). - Instructions for Chocolatey use a PowerShell
iexcommand to execute a script fromchocolatey.org(a well-known service). - [EXTERNAL_DOWNLOADS]: The skill's primary function is to facilitate downloads from a vast array of external sources.
- It provides directories and search techniques for numerous external domains, including official repositories, shadow libraries, and cloud drive search engines.
- It automates the installation of several third-party CLI tools from official package registries (Homebrew, PyPI, and npm).
Audit Metadata