setup-node
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing NVM by piping a remote script directly to bash: `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash`. This pattern is high-risk because it executes unverified code from an external repository.
- [COMMAND_EXECUTION]: The skill performs persistent modifications to the system shell configuration file `~/.bashrc` by appending path export commands.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of numerous global and local packages from the npm registry, including tools like yarn, pnpm, and husky.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata