strapi-expert

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file directs users to download a ZIP archive (skill-claude-expert-strapi-1.0.zip) from a personal GitHub repository (MKShahzad77/claude-skill-strapi-expert).
  • [EXTERNAL_DOWNLOADS]: The documentation explicitly instructs users to download and install .exe (Windows) and .dmg (macOS) files. Providing binary executables for an AI agent skill is unnecessary and represents a high risk for malware delivery.
  • [REMOTE_CODE_EXECUTION]: The README.md instructs Linux users to extract the downloaded ZIP and "Run the installation script in the terminal." This encourages the execution of unverified, remote code on the host machine.
  • [COMMAND_EXECUTION]: The skill's setup process requires manual execution of installation scripts and external binaries, which circumvents the safety boundaries of the AI agent environment.
  • [DECEPTIVE_PURPOSE]: While the skill's code files (SKILL.md, patterns.md, examples.md) contain legitimate Strapi documentation, the README.md serves as a social engineering lure to convince users to install external software under the guise of an "expert application."
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 15, 2026, 01:08 AM