strapi-expert
Fail
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
README.mdfile instructs users to download a ZIP archive containing platform-specific executable files from the repository. Evidence:https://github.com/MKShahzad77/claude-skill-strapi-expert/raw/refs/heads/main/commodatum/skill-claude-expert-strapi-1.0.zip. The ZIP is described as containing.exe,.dmg, and Linux installation scripts, which are not standard components of an AI agent skill and pose a significant security risk. - [REMOTE_CODE_EXECUTION]: The documentation explicitly directs users to run untrusted code on their local operating systems. Evidence: 'Double-click the .exe file to start the installation', 'Open the .dmg file and drag the application to your Applications folder', and 'Run the installation script in the terminal'. This pattern shifts execution from the AI agent's managed environment to the user's local machine using unverified binaries.
- [COMMAND_EXECUTION]: For Linux users, the skill instructs the execution of shell commands to install the downloaded software. Evidence: 'Run the installation script in the terminal'. This encourages the user to execute potentially malicious scripts with high privileges.
Recommendations
- AI detected serious security threats
Audit Metadata