Summary
gkt v3.6.0 was classified as CRITICAL RISK with a risk score of 7307. Sigil detected 637 findings across 3094 files, covering phases including network exfiltration, install hooks, code patterns, obfuscation, credential access and provenance. Review the findings below before installing this package, and check each hit's location before acting on it: the install-pip-setup-exec findings shown below matched a p5.js sketch template (generator_template.js) and SWE-bench benchmark JSON files rather than a Python setup.py, and the install-makefile-curl findings matched curl | sh instructions quoted in SKILL.md documentation rather than a Makefile or install script that runs on its own.
Package description: GravityKit — The AI-Native Software House in a Box
v3.6.0
29 March 2026, 17:36 UTC
by Sigil Bot
Risk Score: 7307
Findings: 637
Files Scanned: 3094
Provenance
Findings by Phase
Phase Ordering
Phases are ordered by criticality, with the most dangerous at the top.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/algorithmic-art/templates/generator_template.js:53
function setup() {
createCanvas(800, 800);
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
Note on this hit: the matched file is a JavaScript p5.js sketch template. In p5.js, setup() is the sketch entry point that the library calls once when the sketch loads, and createCanvas() creates the drawing surface; the file is not a Python setup.py and pip does not execute it during installation.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/bun-development/SKILL.md:28
# macOS / Linux
curl -fsSL https://bun.sh/install | bash
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
Note on this hit: the match is in a SKILL.md documentation file, so this is an instruction a reader might paste into a terminal, not a Makefile or script that the package runs by itself. The same pattern recurs in the other install-makefile-curl findings below; the risk is the same in each case, and the safer habit is to download the script to a file, read it, and only then run it.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/bun-development/SKILL.md:586
# 1. Install Bun
curl -fsSL https://bun.sh/install | bash
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/cloud-penetration-testing/SKILL.md:29
# GCP CLI
curl https://sdk.cloud.google.com | bash
gcloud init
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/linkerd-patterns/SKILL.md:70
# Install CLI
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
Note on this hit: this command does pass --proto '=https' and --tlsv1.2, which keeps curl from following a redirect to plain HTTP and sets a minimum TLS version, so it is better than the bare curl | bash variants above. It still executes whatever the server returns at that moment without any review or hash check, which is the property the rule is about.
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/linux-privilege-escalation/SKILL.md:144
# LinPEAS
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:729
"instance_id": "mwaskom__seaborn-3190",
"model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch changes
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
Note on this hit: the match is inside a model_patch string in a SWE-bench benchmark results file. That is JSON data, which pip never executes at install time; the excerpt is truncated by the scanner as shown. The same applies to the other swebench-*.json hits in this phase below, which are copies of the same benchmark output.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:904
"instance_id": "pytest-dev__pytest-7490",
"model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the stric
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:737
"instance_id": "mwaskom__seaborn-3190",
"model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch chan
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:912
"instance_id": "pytest-dev__pytest-7490",
"model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the s
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:874
"instance_id": "mwaskom__seaborn-3190",
"model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n def _setup(\n self, data: Series, prop: Property, axis: Axis | None = None,\n ) -> Scale:\n+ # Convert boolean data to object dtype for consistent categorical handling\n+ if data.dtype == bool:\n+ data = data.astype(object)\n \n new = copy(self)\n if self._tick_params is Non
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1282
"instance_id": "sphinx-doc__sphinx-8273",
"model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.console 
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:882
"instance_id": "mwaskom__seaborn-3190",
"model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n def _setup(\n self, data: Series, prop: Property, axis: Axis | None = None,\n ) -> Scale:\n+ # Convert boolean data to object dtype for consistent categorical handling\n+ if data.dtype == bool:\n+ data = data.astype(object)\n \n new = copy(self)\n if self._tick_params is
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICAL: setup.py executes code at install time
gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1290
"instance_id": "sphinx-doc__sphinx-8273",
"model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.cons
Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
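The install-pip-setup-exec findings in this phase (the generator_template.js hit and the swebench-*.json hits above) all come from a text match on "setup" rather than from a Python setup.py. The triage script below is an added example, not code from gkt or from Sigil: it re-checks such findings by only considering files actually named setup.py, parsing them with the ast module, and listing calls to the functions the rule text names (subprocess, os.system, exec, eval; os.popen is added as an assumption of the same family). The file contents are constructed stand-ins that reuse the paths from this report; the evil-0.1/setup.py entry is a constructed example of the pattern the rule targets, using a harmless command.

```python
from __future__ import annotations

import ast
import posixpath

# Callee names that mean "run something at install time". The scanner's rule
# text names subprocess, os.system, exec and eval; os.popen is an assumption.
SUSPICIOUS_CALLS = {
    "exec", "eval", "os.system", "os.popen",
    "subprocess.run", "subprocess.call", "subprocess.check_call",
    "subprocess.check_output", "subprocess.Popen",
}

# Constructed sample inputs (paths taken from the report, contents invented).
SAMPLE_FILES = {
    # p5.js template: setup() is the sketch entry point, not Python's setup.py.
    "gkt-3.6.0/GravityKit/.agent/skills/algorithmic-art/templates/generator_template.js":
        "function setup() {\n  createCanvas(800, 800);\n}\n",
    # Benchmark output: JSON data that pip never executes, even if it quotes code.
    "gkt-3.6.0/GravityKit/.agent/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json":
        '{"model_patch": "def _setup(self):\\n    os.system(\\"id\\")"}\n',
    # A benign setup.py: calls setup(), nothing else.
    "gkt-3.6.0/setup.py":
        "from setuptools import setup\nsetup(name='gkt', version='3.6.0')\n",
    # The pattern the rule is about: a shell command at module level of setup.py.
    "evil-0.1/setup.py":
        "import os\nfrom setuptools import setup\nos.system('id')\nsetup(name='evil')\n",
}


def _callee_name(node: ast.Call) -> str | None:
    """Dotted name of the called function: 'exec', 'os.system', 'subprocess.run', ..."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    parts: list[str] = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None  # e.g. something().method(): not a static name


def scan_setup_py(source: str) -> list[tuple[int, str]]:
    """List (line, callee) for suspicious calls anywhere in a setup.py.

    A file that does not parse as Python cannot be run by pip as setup.py,
    so a SyntaxError yields no hits rather than an error.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return []
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _callee_name(node)
            if name in SUSPICIOUS_CALLS:
                hits.append((node.lineno, name))
    return hits


def triage(files: dict[str, str]) -> dict[str, tuple[str, list[tuple[int, str]]]]:
    """Map each path to a verdict: 'not-a-setup-py', 'clean' or 'suspicious'.

    Only a file literally named setup.py is executed by pip during a legacy
    install or build, so every other path is dismissed without parsing.
    """
    result = {}
    for path, source in files.items():
        if posixpath.basename(path) != "setup.py":
            result[path] = ("not-a-setup-py", [])
            continue
        hits = scan_setup_py(source)
        result[path] = ("suspicious" if hits else "clean", hits)
    return result


if __name__ == "__main__":
    for path, (verdict, hits) in triage(SAMPLE_FILES).items():
        print(f"{verdict:15} {path} {hits}")
```

Run against a real package, replace SAMPLE_FILES with the files read from the extracted sdist; pyproject.toml-only packages have no setup.py at all and produce no entries, which is itself a useful signal when a scanner reports this rule.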
install-makefile-curl
HIGH: Makefile/script pipes remote content to shell
gkt-3.6.0/GravityKit/.agent/skills/uv-package-manager/resources/implementation-playbook.md:54
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
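Every install-makefile-curl finding in this report (bun, gcloud, linkerd, LinPEAS, uv) has the same shape: fetch a URL and feed whatever comes back to a shell. The example below is added here and is not code from gkt, from Sigil or from any of those projects. It shows the replacement a practitioner would use instead of curl | sh: require https, download to memory, compare the SHA-256 against a pin recorded when the script was first reviewed, and only then write it to a private file for execution. The URL example.invalid is a placeholder, the fetch function is injected so the demo runs offline, and SAMPLE_SCRIPT is a constructed stand-in for an installer; the real https_fetch is provided for use against a live URL.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile
import urllib.parse
import urllib.request
from typing import Callable

# Constructed sample installer, standing in for what an install URL returns.
SAMPLE_SCRIPT = b"#!/bin/sh\nset -e\necho 'constructed sample installer'\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin_matches(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the script's digest against the recorded pin."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def is_allowed_url(url: str) -> bool:
    """Accept only https with a host: no http://, file://, data: or bare paths."""
    parts = urllib.parse.urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def https_fetch(url: str, timeout: float = 30.0) -> bytes:
    """Default fetcher for live use: a plain GET via urllib (not used offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def fetch_pinned(url: str, expected_sha256: str,
                 fetch: Callable[[str], bytes] = https_fetch) -> bytes:
    """Download url and return its bytes only if they match the SHA-256 pin.

    Raises ValueError on a non-https URL or a digest mismatch, so the caller
    never receives (and therefore never runs) content that was not reviewed.
    """
    if not is_allowed_url(url):
        raise ValueError(f"refusing non-https URL: {url}")
    data = fetch(url)
    if not pin_matches(data, expected_sha256):
        raise ValueError(f"SHA-256 mismatch for {url}: got {sha256_hex(data)}")
    return data


def stage_for_review(data: bytes, dest_dir: str, name: str = "install.sh") -> str:
    """Write the verified script to a file readable only by the current user.

    The file is deliberately not executed here: the operator reads it, then
    runs it explicitly (for example: sh /path/to/install.sh).
    """
    path = os.path.join(dest_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo() -> str:
    """Offline walk-through using a fake fetcher that returns SAMPLE_SCRIPT."""
    pin = sha256_hex(SAMPLE_SCRIPT)  # the value you would record next to the URL
    data = fetch_pinned("https://example.invalid/install.sh", pin,
                        fetch=lambda _url: SAMPLE_SCRIPT)
    return stage_for_review(data, tempfile.mkdtemp())


if __name__ == "__main__":
    print("staged verified installer at", demo())
```

The pin is what turns "the remote content can change at any time" into a hard failure instead of silent execution: if the vendor ships a new installer, the download stops and the operator re-reviews before updating the recorded hash. For URLs like the LinPEAS one that point at a latest release, a pin also forces that re-review on every upstream change.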
Badge
Markdown:
[![Sigil Scan](https://sigilsec.ai/badge/pypi/gkt)](https://sigilsec.ai/scans/4A0849F2-8BD2-4841-ACE9-DE83D7D6D88D)
HTML:
<a href="https://sigilsec.ai/scans/4A0849F2-8BD2-4841-ACE9-DE83D7D6D88D"><img src="https://sigilsec.ai/badge/pypi/gkt" alt="Sigil Scan"></a>
Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.