Skill Trust Decision

rtk-integration

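The RTK integration skill installs a binary tool from a third-party GitHub repository via curl|sh, with no version pinning and without disclosing the contents of install.sh, which constitutes a supply-chain risk. The PATH write behavior is reasonable but lacks transparency.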

Install decision first Source: Manual upload Scanned: Apr 5, 2026
Files 5
Artifacts 1
Violations 2
Findings 4
Most direct threat evidence
01
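User installs the rtk-integration skill Entry · SKILL.md
02
Runs curl|sh to download install.sh from a third-party GitHub repository Escalation · scripts/rtk-setup.sh
03
install.sh (contents unknown) executes arbitrary commands on the host Impact · Unknown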

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

1 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 0 severe findings.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

Attack Chain

01
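User installs the rtk-integration skill

Entry · SKILL.md:1

02
Runs curl|sh to download install.sh from a third-party GitHub repository

Escalation · scripts/rtk-setup.sh:39

03
install.sh (contents unknown) executes arbitrary commands on the host

Impact · Unknown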

What drove the risk score up

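curl|sh remote execution +20

Pipes install.sh from raw.githubusercontent.com straight into the shell; the content cannot be verified and there is no version pinning

Uncontrolled supply chain +15

The contents of install.sh are unknown, the master branch carries no version semantics, and the third-party dependency has no security audit

PATH modification declared too broadly +7

SKILL.md mentions writing to PATH but does not specify the scope of its modifications to files such as ~/.bashrc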

Most important evidence

Medium Supply Chain

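Remote script piped to shell with no integrity check

scripts/rtk-setup.sh:39 runs `curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh`, downloading a script from a third-party GitHub repository and executing it directly, with no version pinning, no SHA256 check, and no GPG signature. The master branch carries no version semantics, and the author can change its contents at any time.

scripts/rtk-setup.sh:39
Use a release tag instead of the master branch, validate the SHA256 before downloading, and provide a link for reviewing the install.sh source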
Medium Supply Chain

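The install.sh script is completely opaque

The skill provides neither the source of install.sh nor a description of its behavior. A black-box script executed through a pipe may install arbitrary binaries, perform privileged operations, modify system configuration, exfiltrate environment information, and so on. The user cannot review the installer's behavior before installation.

SKILL.md:26
Require the author to provide the install.sh source in the repository, or split the step into download and execute, exposing the downloaded content before running it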
Low Doc Mismatch

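PATH modification behavior is not transparently declared

SKILL.md mentions 'adding RTK to PATH' but does not state explicitly that it modifies ~/.bashrc/.zshrc/.profile. rtk-setup.sh implements the specific modification logic, but the documentation does not fully disclose the scope of the changes.

SKILL.md:21
List all file-modification operations explicitly in SKILL.md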
Low Supply Chain

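Homebrew install path has no version control

On macOS the tool is installed via brew install rtk, likewise without version pinning (Homebrew formulas are usually rolling releases), with risk comparable to the curl|sh branch.

scripts/rtk-setup.sh:35
Use brew pin to lock the version, or specify a formula version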

Declared capability vs actual capability

Filesystem Pass
Declared READ
Inferred WRITE
scripts/rtk-setup.sh:45-47 writes to ~/.bashrc/.zshrc/.profile
Shell Pass
Declared WRITE
Inferred WRITE
scripts/rtk-setup.sh entire file
Network Block
Declared NONE
Inferred READ
scripts/rtk-setup.sh:39 downloads install.sh from GitHub
Environment Block
Declared NONE
Inferred WRITE
scripts/rtk-setup.sh:45-47 writes the PATH variable to the shell profile

Suspicious artifacts and egress

Critical Dangerous Command
curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh

SKILL.md:26

Dependencies and supply chain

There are no structured dependency warnings.

File composition

5 files · 445 lines
Markdown 3 files · 369 lines
Shell 1 file · 71 lines
JSON 1 file · 5 lines
Files of concern · 2
SKILL.md Markdown · 132 lines
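The install.sh script is completely opaque · PATH modification behavior is not transparently declared · curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh
scripts/rtk-setup.sh Shell · 71 lines
Remote script piped to shell with no integrity check · Homebrew install path has no version control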
Other files · commands.md · config.md · _meta.json

Security positives

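The skill's functional logic is clear: it is used only for shell output filtering, with no data processing or network communication
The code structure is simple, with no obfuscation, no base64, and no hidden logic
No credential paths are accessed (~/.ssh, ~/.aws, .env)
No persistent backdoor or scheduled task is implemented
No prompt-injection risk was found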