java-auth-audit
Fail
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The decompile strategy described in references/DECOMPILE_STRATEGY.md instructs the agent to download a JAR file from an unverified mirror (https://xget.xi-xu.me/gh/leibnitz27/cfr/releases/download/0.152/cfr-0.152.jar) and execute it using java -jar. This mirror has been identified as malicious by automated URL scanners.
- [EXTERNAL_DOWNLOADS]: The skill relies on external executable binaries fetched from a non-trusted, blacklisted domain. There is no verification of the binary's integrity (e.g., checksums), which is a significant supply chain risk.
- [COMMAND_EXECUTION]: The skill uses curl to fetch and java to run external code, providing a mechanism for arbitrary command execution via a compromised or malicious decompiler JAR.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata