deepseek-api

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: In SKILL.md, the skill provides a 'Quick Setup' command: curl -fsSL https://skillboss.co/openclaw-setup.sh | bash. This represents a critical vulnerability where an external script is downloaded and immediately executed with the user's shell privileges. Since the domain skillboss.co is not a trusted or well-known provider, this allows for arbitrary, unverified code execution on the host machine.
  • [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from https://skillboss.co/openclaw-setup.sh. This external dependency is not hosted by a verified organization or on a trusted repository, which is a common vector for supply chain attacks.
Recommendations
  • HIGH: Downloads and executes remote code from: https://skillboss.co/openclaw-setup.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 17, 2026, 07:17 PM