ln-030-vps-bootstrap

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses and copies SSH authorized_keys files to set up the agent user. It also manages environment files (secrets.env, .env.local) and private key files (.pem) containing highly sensitive API tokens for Telegram, GitHub, GitLab, and Cloudflare.
  • [REMOTE_CODE_EXECUTION]: During the bootstrap process, the skill downloads the nvm (Node Version Manager) installation script and executes it by piping the content directly into bash.
  • [EXTERNAL_DOWNLOADS]: The workflow fetches multiple external assets, including the GitLab CLI binary from its release API, the nvm installer, and various Node.js packages from the npm registry.
  • [COMMAND_EXECUTION]: The skill makes extensive use of high-privilege system commands such as apt-get, useradd, systemctl, chmod, and chown to modify the host system's configuration and permissions.
  • [DATA_EXFILTRATION]: The skill installs a Telegram bridge service and a notification script designed to automatically transmit agent turn summaries and status updates to external Telegram API endpoints.
  • [PROMPT_INJECTION]: The references/operator.CLAUDE.md file contains instructions for the agent on how to interpret user input from Telegram, including specific directives to detect and ignore potential prompt injection attempts from end users.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 5, 2026, 08:04 PM