Is @techwavedev/agi-agent-kit safe to install?

@techwavedev/agi-agent-kit was flagged as CRITICAL RISK (risk score 14475) with 1378 findings detected across 4152 files. Review the findings before installing.

What security issues were found in @techwavedev/agi-agent-kit?

Sigil detected 1378 findings in @techwavedev/agi-agent-kit, including patterns related to code_patterns, provenance, obfuscation, install_hooks, network_exfil, credentials. See the full scan report for details.

@techwavedev/agi-agent-kit Security Scan — CRITICAL RISK | Sigil

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/base/skill-creator/templates/mcp_server_template.py:7


Claude Desktop setup (~/.claude/claude_desktop_config.json):

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/architecture/linkerd-patterns/SKILL.md:73

# Install CLI
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/backend/bun-development/SKILL.md:31

# macOS / Linux
curl -fsSL https://bun.sh/install | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/backend/bun-development/SKILL.md:589

# 1. Install Bun
curl -fsSL https://bun.sh/install | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/content/algorithmic-art/templates/generator_template.js:53


function setup() {
    createCanvas(800, 800);

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/devops/cloud-penetration-testing/SKILL.md:30

# GCP CLI
curl https://sdk.cloud.google.com | bash
gcloud init

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:729

    "instance_id": "mwaskom__seaborn-3190",
    "model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch changes

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:904

    "instance_id": "pytest-dev__pytest-7490",
    "model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the stric

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:737

      "instance_id": "mwaskom__seaborn-3190",
      "model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch chan

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:912

      "instance_id": "pytest-dev__pytest-7490",
      "model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the s

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:874

    "instance_id": "mwaskom__seaborn-3190",
    "model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n     def _setup(\n         self, data: Series, prop: Property, axis: Axis | None = None,\n     ) -> Scale:\n+        # Convert boolean data to object dtype for consistent categorical handling\n+        if data.dtype == bool:\n+            data = data.astype(object)\n \n         new = copy(self)\n         if self._tick_params is Non

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1282

    "instance_id": "sphinx-doc__sphinx-8273",
    "model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.console

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:882

      "instance_id": "mwaskom__seaborn-3190",
      "model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n     def _setup(\n         self, data: Series, prop: Property, axis: Axis | None = None,\n     ) -> Scale:\n+        # Convert boolean data to object dtype for consistent categorical handling\n+        if data.dtype == bool:\n+            data = data.astype(object)\n \n         new = copy(self)\n         if self._tick_params is

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/devops/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1290

      "instance_id": "sphinx-doc__sphinx-8273",
      "model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.cons

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/frontend/linux-privilege-escalation/SKILL.md:145

# LinPEAS
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/templates/skills/extended/other/apify-actor-development/SKILL.md:21


## Prerequisites & Setup (MANDATORY)

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/apify-actor-development/SKILL.md:35

> **Security note:** Do NOT install the CLI by piping remote scripts to a shell
> (e.g. `curl … | bash` or `irm … | iex`). Always use a package manager.

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/apify-actorization/SKILL.md:36

```bash
curl -fsSL https://apify.com/install-cli.sh | bash

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/audit-skills/SKILL.md:80

- **Persistence**: `reg add` (Run keys), `schtasks`, `crontab`, `launchctl` (macOS), `systemd` units.
- **Tubes**: `curl ... | bash`, `iwr ... | iex`.

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/claude-code-expert/SKILL.md:351

      "Bash(sudo *)",
      "Bash(curl * | bash)"
    ]

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/evolution/SKILL.md:34

# Install makepad-skills with hooks enabled
curl -fsSL https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh | bash -s -- --with-hooks
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/varlock/SKILL.md:84

# Install Varlock CLI
curl -sSfL https://varlock.dev/install.sh | sh -s -- --force-no-brew

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/other/varlock/SKILL.md:239

# Install Varlock in container
RUN curl -sSfL https://varlock.dev/install.sh | sh -s -- --force-no-brew \
    && ln -s /root/.varlock/bin/varlock /usr/local/bin/varlock

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/templates/skills/extended/workflow/uv-package-manager/resources/implementation-playbook.md:54

# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

@techwavedev/agi-agent-kit

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Obfuscation

Network / Exfiltration

Credentials

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other npm scans