Skill Trust Decision
affiliate-skills
Skill contains documented but risky curl|bash remote execution pattern for Bun installation, with legitimate but undeclared shell spawning. No malicious behavior detected, but the execution patterns warrant caution.
Most direct threat evidence
Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
5 high-risk artifacts or egress signals were extracted.
Pass
Attack chain and severe findings
There is no explicit malicious chain in the report.
Review
Dependencies and supply chain hygiene
1 dependency or supply-chain issues need attention.
What drove the risk score up
Remote script execution via curl|bash +20
SKILL.md:39 instructs 'curl -fsSL https://bun.sh/install | bash' for Bun installation. Pattern is documented but uses dangerous pipe-to-shell execution.
Undeclared shell spawning +10
tools/src/cli.ts:78 uses Bun.spawn() to start daemon. Not declared in allowed-tools (only Bash, Read declared).
Hardcoded IP addresses +5
GitHub Pages IPs hardcoded at github-pages-deployer/SKILL.md:182-185. Legitimate use case but creates maintenance risk if GitHub changes IPs.
API key access undeclared in capability mapping +5
AFFITOR_API_KEY access via process.env in server.ts not documented in SKILL.md allowed-tools section.
Most important evidence
Medium
Remote Script Execution via Pipe-to-Shell
SKILL.md instructs users to run 'curl -fsSL https://bun.sh/install | bash' for Bun installation. While documented and for a legitimate purpose, this pattern is a known attack vector.
SKILL.md:39 Replace with verified installation method: check for bun in PATH first, then guide user to official package managers (npm install -g bun, brew install bun, etc.)
Low
Hardcoded GitHub Pages IP Addresses
GitHub's A record IPs are hardcoded in documentation. These are legitimate GitHub infrastructure IPs, but hardcoding creates maintenance risk if GitHub updates them.
skills/distribution/github-pages-deployer/SKILL.md:182 Link to official GitHub documentation instead: https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site
Low
Process Environment Access Without Declaration
The daemon reads AFFITOR_API_KEY from process.env but this capability is not declared in SKILL.md allowed-tools section.
tools/src/server.ts:26 Document environment variable access in SKILL.md or add 'Read' to allowed-tools for environment access
Declared capability vs actual capability
Filesystem Pass
Declared READ
→ Inferred READ
SKILL.md:6 declares Read tool Shell Pass
Declared WRITE
→ Inferred WRITE
SKILL.md:6 declares Bash tool; CLI spawns bun daemon Network Block
Declared NONE
→ Inferred READ
tools/src/cli.ts:78, tools/src/api.ts:6 - Makes fetch calls to localhost and list.affitor.com without declaration Environment Block
Declared NONE
→ Inferred READ
tools/src/server.ts:26 reads AFFITOR_API_KEY from process.env Suspicious artifacts and egress
Critical Dangerous Command
curl -fsSL https://bun.sh/install | bash SKILL.md:39
High IP Address
185.199.108.153 skills/distribution/github-pages-deployer/SKILL.md:182
High IP Address
185.199.109.153 skills/distribution/github-pages-deployer/SKILL.md:183
High IP Address
185.199.110.153 skills/distribution/github-pages-deployer/SKILL.md:184
High IP Address
185.199.111.153 skills/distribution/github-pages-deployer/SKILL.md:185
Medium External URL
https://list.affitor.com/api/v1 API.md:5
Medium External URL
https://list.affitor.com/settings API.md:13
Medium External URL
https://heygen.com API.md:59
Medium External URL
https://list.affitor.com/api/v1/programs?q=AI+video&sort=top&limit=5 API.md:196
Medium External URL
https://list.affitor.com/api/v1/programs?q=AI&reward_type=cps_recurring&min_cookie_days=30&sort=top&limit=20 API.md:204
Medium External URL
https://list.affitor.com/api/v1/programs/3f2a1b4c-0000-0000-0000-000000000000 API.md:212
Medium External URL
https://list.affitor.com/api/v1/programs API.md:223
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| bun | * | runtime | No | Bun runtime required but not pinned as dependency |
File composition
149 files · 22579 lines
Markdown 92 files · 17452 linesHTML 3 files · 1294 linesJSON 4 files · 1281 linesTypeScript 5 files · 856 linesShell 2 files · 721 linesText 32 files · 672 lines
Files of concern · 3
skills/landing/landing-page-creator/templates/comparison.html https://www.heygen.com/?ref=YOUR_AFFILIATE_ID · https://www.synthesia.io · https://www.colossyan.com
scripts/distribute.sh https://skills.sh/$REPO · https://supertools.therundown.ai/submit · https://producthunt.com/posts/new
README.md https://img.shields.io/badge/License-MIT-blue.svg · https://img.shields.io/badge/skills-45-brightgreen · https://img.shields.io/badge/standard-agentskills.io-purple · https://agentskills.io · https://affitor.com
Other files · registry.json · evals.json · SKILL.md · SKILL.md · SKILL.md · SKILL.md +3
Security positives
No base64, eval(), or obfuscated code patterns found
No credential exfiltration detected - AFFITOR_API_KEY only used locally for API auth
No access to sensitive paths (~/.ssh, ~/.aws, .env files)
No external C2 communications or suspicious network activity
Network requests limited to expected endpoints (127.0.0.1, list.affitor.com)
All dependencies declared, MIT licensed, no malicious packages
Skills generate content for user copy-paste, not automatic file writes
Distribution script requires explicit user interaction before execution