Skills
skills/mikonos/3devkit-skill/3devkit/Gen Agent Trust Hub

3devkit

Fail

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/install.md provides instructions to clone an external repository and immediately execute a setup script: git clone --depth 1 https://github.com/garrytan/gstack.git ~/.cursor/skills/gstack && cd ~/.cursor/skills/gstack && ./setup. This pattern of downloading and running arbitrary scripts from untrusted sources is a high-risk behavior.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to download code and components from non-whitelisted external GitHub repositories, specifically https://github.com/garrytan/gstack.git and https://github.com/obra/superpowers, as outlined in references/install.md.
  • [COMMAND_EXECUTION]: The skill requires the agent to perform multiple command-line operations, including running the openspec CLI, using git to manage external repositories, and executing various configuration commands for the OpenClaw framework.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 5, 2026, 03:31 PM