k-skill-setup

Fail

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements persistence mechanisms to maintain long-term execution on the host system.
      • Evidence: Use of crontab on Linux/macOS to schedule a recurring update check script.
      • Evidence: Use of schtasks on Windows to create a daily scheduled task for the update check command.
  • [COMMAND_EXECUTION]: Execution of local scripts and CLI tools.
      • Evidence: The skill executes bash scripts/check-setup.sh to verify the environment.
      • Evidence: The skill uses gh repo star to perform actions on a GitHub repository.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute remote packages at runtime.
      • Evidence: Instructions to execute npx --yes skills check for update verification.
  • [DATA_EXFILTRATION]: The skill points certain API services to a vendor-managed proxy.
      • Evidence: Use of k-skill-proxy.nomadamas.org as the default host for various localized services (weather, subway info, etc.).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 19, 2026, 09:14 PM