Skill Trust Decision

agent-cli

Name: agent-cli Trust Review Report
Item: agent-cli
Rating: 50
Author: ClawSafe

Skill本身为纯文档索引不执行代码，但references/README.md中包含危险的curl|bash管道安装命令，违反安全最佳实践

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 4

Artifacts 3

Violations 0

Findings 3

Most direct threat evidence

用户读取SKILL.md了解skill功能 Entry · SKILL.md

按文档指引执行危险的curl|bash安装命令 Escalation · references/README.md

恶意安装脚本可能在用户系统上执行任意代码 Impact · references/README.md

Why this conclusion was reached

2/4 dimensions flagged

Pass

Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block

Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block

Attack chain and severe findings

The report includes 3 attack-chain steps and 1 severe findings.

Review

Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

用户读取SKILL.md了解skill功能

Entry · SKILL.md:1

按文档指引执行危险的curl|bash安装命令

Escalation · references/README.md:21

恶意安装脚本可能在用户系统上执行任意代码

Impact · references/README.md:21

What drove the risk score up

危险Shell命令模式 +30

references/README.md:21 包含 curl https://cursor.com/install -fsS | bash

供应链攻击向量 +15

直接从外部URL下载脚本执行，无hash校验

文档记录危险操作 +5

文档记录了影子功能（危险安装方式）但SKILL.md未声明

Most important evidence

High Supply Chain

危险curl|bash管道安装命令

references/README.md第21行包含从cursor.com下载安装脚本并直接管道执行bash的命令，这是典型的供应链攻击向量（MITRA ATT&CK T1195.001）

references/README.md:21

使用包管理器安装(brew)或提供下载文件的SHA256 hash校验，禁止curl|bash管道

Medium Doc Mismatch

文档-行为差异：SKILL.md未声明危险操作

SKILL.md描述为'代码编辑CLI工具集合'，未提及会建议用户执行curl|bash安装命令。文档中高危IOC未在主文档声明。

SKILL.md:1

SKILL.md应明确声明安装方式涉及外部脚本执行

Low Supply Chain

外部URL无版本锁定

references/README.md和references/qodercli.md引用外部URL(https://cursor.com/install, https://docs.qoder.com/llms.txt)，未指定版本或hash

references/README.md:93

添加版本锁定或hash校验

Declared capability vs actual capability

Filesystem Pass

Declared NONE

→

Inferred NONE

纯文档skill，无脚本

Network Pass

Declared NONE

→

Inferred NONE

文档skill不执行网络请求

Shell Pass

Declared NONE

→

Inferred NONE

文档skill不执行shell

Suspicious artifacts and egress

Critical Dangerous Command

curl https://cursor.com/install -fsS | bash

references/README.md:21

Medium External URL

https://cursor.com/install

references/README.md:21

Medium External URL

https://docs.qoder.com/llms.txt

references/README.md:93

Dependencies and supply chain

There are no structured dependency warnings.

File composition

4 files · 670 lines

Markdown 4 files · 670 lines

Files of concern · 2

SKILL.md Markdown · 46 lines

文档-行为差异：SKILL.md未声明危险操作

references/README.md Markdown · 113 lines

危险curl|bash管道安装命令 · 外部URL无版本锁定 · curl https://cursor.com/install -fsS | bash · https://cursor.com/install · https://docs.qoder.com/llms.txt

Other files · qodercli.md · cursorcli.md

Security positives

纯文档skill，无实际可执行代码

不访问敏感文件或凭证

不包含代码执行、凭证窃取、数据外泄等恶意行为