Skills
skills/radimsem/remindb/remindb-setup/Gen Agent Trust Hub

remindb-setup

Fail

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute shell scripts directly from a remote GitHub repository using piped execution methods.
  • Evidence: The skill provides commands such as curl -fsSL https://raw.githubusercontent.com/radimsem/remindb/main/install.sh | bash for Linux/macOS and iwr -useb https://raw.githubusercontent.com/radimsem/remindb/main/install.ps1 | iex for Windows in references/config-model.md.
  • [COMMAND_EXECUTION]: The agent is directed to perform extensive shell operations for environment discovery, tool invocation, and binary execution.
  • Evidence: Use of remindb compile, remindb --version, and host-specific installation commands like codex plugin marketplace add and openclaw plugins install across SKILL.md and references/host-wiring.md.
  • [CREDENTIALS_UNSAFE]: The skill identifies and modifies sensitive configuration files belonging to other host applications to set environment variables.
  • Evidence: Targeting of files such as ~/.claude/plugins/cache/.../.mcp.json, ~/.codex/config.toml, and ~/.config/opencode/opencode.json as detailed in references/host-wiring.md. This access poses a risk of host configuration corruption or exposure of embedded secrets.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of external components and plugins from public registries and marketplaces.
  • Evidence: Instructions to use npx skills@latest add and /plugin install remindb@remindb in references/host-wiring.md.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 24, 2026, 03:16 PM
Security Audit — agent-trust-hub — remindb-setup