strapi-expert

Fail

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file instructs users to download a ZIP archive containing platform-specific executable files from the repository. Evidence: https://github.com/MKShahzad77/claude-skill-strapi-expert/raw/refs/heads/main/commodatum/skill-claude-expert-strapi-1.0.zip. The ZIP is described as containing .exe, .dmg, and Linux installation scripts, which are not standard components of an AI agent skill and pose a significant security risk.
  • [REMOTE_CODE_EXECUTION]: The documentation explicitly directs users to run untrusted code on their local operating systems. Evidence: 'Double-click the .exe file to start the installation', 'Open the .dmg file and drag the application to your Applications folder', and 'Run the installation script in the terminal'. This pattern shifts execution from the AI agent's managed environment to the user's local machine using unverified binaries.
  • [COMMAND_EXECUTION]: For Linux users, the skill instructs the execution of shell commands to install the downloaded software. Evidence: 'Run the installation script in the terminal'. This encourages the user to execute potentially malicious scripts with high privileges.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 15, 2026, 09:53 AM
Security Audit — agent-trust-hub — strapi-expert