Security Audit

bun-development

github.com/sickn33/antigravity-awesome-skills

AI SkillCommit e36d6fd3b3f6

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

bun-development received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 9 findings: 5 critical, 1 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, File read + network send exfiltration, Remote code execution: curl/wget pipe to shell.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.

Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

10%

Static Code Analysis

33%

Dependency Graph

100%

LLM Behavioral Safety

76%

Behavioral Risk Signals

Network Access

5 findings

Filesystem Write

4 findings

Shell Execution

7 findings

Dynamic Code

1 finding

Excessive Permissions

2 findings

Security Findings9

Severity	Finding	Layer	Location
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/bun-development/SKILL.md:24
CRITICAL	Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/bun-development/SKILL.md:582
CRITICAL	File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality.	Manifest	skills/bun-development/SKILL.md:246
CRITICAL	Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter.	Static	skills/bun-development/SKILL.md:24
CRITICAL	Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter.	Static	skills/bun-development/SKILL.md:582
HIGH	Recommendation of Unsafe `curl \| bash` Installation Method The skill recommends installing Bun using `curl -fsSL https://bun.sh/install \| bash` for macOS/Linux and `powershell -c "irm bun.sh/install.ps1 \| iex"` for Windows. This method involves piping a script downloaded from the internet directly into a shell for execution. This practice is inherently risky as it bypasses review and can lead to the execution of arbitrary, potentially malicious code if the remote script or the download process is compromised. While common for some software installations, it represents a significant command injection and supply chain risk for users following these instructions. Recommend safer installation methods, such as downloading the script first, reviewing it, and then executing it, or using package managers like Homebrew where available, which offer better integrity checks. If `curl \| bash` is retained, add a strong warning about the security implications and advise users to inspect the script before execution.	LLM	SKILL.md:40
MEDIUM	Sensitive path access: Environment file Access to Environment file path detected: '.env.production'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/bun-development/SKILL.md:246
MEDIUM	Direct Installation from Arbitrary Git Repositories The skill documentation provides examples for installing packages directly from arbitrary Git repositories (`bun add github:user/repo`, `bun add git+https://github.com/user/repo.git`). While a feature of Bun, this practice, if used with untrusted or unverified repositories, introduces a significant supply chain risk by allowing the execution of arbitrary code from external sources. The skill does not provide warnings or best practices for verifying the integrity of such repositories. Add a warning about the security implications of installing from unverified Git repositories. Recommend verifying the source and integrity of such packages before installation.	LLM	SKILL.md:169
LOW	Examples Using 'latest' Tag for Dependencies The skill documentation includes examples that explicitly use the `@latest` tag when adding dependencies (`bun add react@latest`) and specifies `"latest"` for `@types/bun` in the example `package.json`. While `bun install` generates a lockfile, explicitly using `@latest` can lead to non-deterministic builds and introduces a minor supply chain risk if a new 'latest' version contains breaking changes or malicious code, especially if the lockfile is not consistently used or updated. It's generally safer to rely on semantic versioning ranges or specific versions. Recommend using specific versions or semantic versioning ranges (e.g., `bun add react@^18.2.0`) instead of `@latest` in examples, and explain the benefits of version pinning for stability and security. Update the `package.json` example to use a version range for `@types/bun`.	LLM	SKILL.md:166

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/4ee11c8c08d67a48.svg)](https://skillshield.io/report/4ee11c8c08d67a48)