Is CyberStrikeus/CyberStrike safe to install?

CyberStrikeus/CyberStrike was flagged as CRITICAL RISK (risk score 3401) with 282 findings detected across 3152 files. Review the findings before installing.

What security issues were found in CyberStrikeus/CyberStrike?

Sigil detected 282 findings in CyberStrikeus/CyberStrike, including patterns related to provenance, code_patterns, network_exfil, install_hooks, credentials, obfuscation. See the full scan report for details.

Scans/github/CyberStrikeus/CyberStrike

CyberStrikeus/CyberStrike

github

Summary

CyberStrikeus/CyberStrike v2026-04-10 was classified as CRITICAL RISK with a risk score of 3401. Sigil detected 282 findings across 3152 files, covering phases including provenance, code patterns, network exfiltration, install hooks, credential access, obfuscation. Review the findings below before installing this package.

Package description: AI-powered offensive security agent. Autonomous pentesting with 13+ specialized agents, 120+ OWASP test cases, 15+ LLM providers, and Bolt remote tool servers. Your AI red team.

CRITICAL RISK(3401)

v2026-04-10

10 April 2026, 09:51 UTC

by Sigil Bot

Risk Score

3401

Findings

282

Files Scanned

3152

Provenance

Registry

https://github.com/CyberStrikeus/CyberStrike

Repository

https://github.com/CyberStrikeus/CyberStrike

Scanned From

https://github.com/CyberStrikeus/CyberStrike.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.github/publish-python-sdk.yml:31

#         shell: bash
#         run: curl -LsSf https://astral.sh/uv/install.sh | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.github/workflows/duplicate-issues.yml:22

      - name: Install cyberstrike
        run: curl -fsSL https://cyberstrike.io/install | bash

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.github/workflows/pr-management.yml:37

      - name: Install cyberstrike
        run: curl -fsSL https://cyberstrike.io/install | bash

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.github/workflows/review.yml:35

      - name: Install cyberstrike
        run: curl -fsSL https://cyberstrike.io/install | bash

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.ar.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.bn.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.br.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.bs.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.da.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.de.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.el.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.es.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.fr.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.hi.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.it.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.ja.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.ko.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.md:289

# Linux / macOS (curl)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.no.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.pl.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.ru.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.th.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.tr.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.uk.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.vi.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.zh.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/README.zht.md:190

# curl (Linux/macOS)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/github/action.yml:57

      shell: bash
      run: curl -fsSL https://cyberstrike.io/install | bash

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/install:24

Examples:
    curl -fsSL https://cyberstrike.io/install.sh | bash
    curl -fsSL https://cyberstrike.io/install.sh | bash -s -- --beta

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/install:25

    curl -fsSL https://cyberstrike.io/install.sh | bash
    curl -fsSL https://cyberstrike.io/install.sh | bash -s -- --beta
    curl -fsSL https://cyberstrike.io/install.sh | bash -s -- --version 1.1.3

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/install:26

    curl -fsSL https://cyberstrike.io/install.sh | bash -s -- --beta
    curl -fsSL https://cyberstrike.io/install.sh | bash -s -- --version 1.1.3
    ./install --binary /path/to/cyberstrike

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/console/app/src/routes/download/index.tsx:121

                data-component="cli-row"
                onClick={handleCopyClick("curl -fsSL https://cyberstrike.io/install | bash")}
              >

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/console/app/src/routes/download/index.tsx:124

                <code>
                  curl -fsSL https://<strong>cyberstrike.io/install</strong> | bash
                </code>

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/containers/bun-node/Dockerfile:21

RUN set -euo pipefail; \
  curl -fsSL https://bun.sh/install | bash -s -- "bun-v${BUN_VERSION}"; \
  bun --version; \

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/containers/rust/Dockerfile:11

RUN set -euo pipefail; \
  curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "${RUST_TOOLCHAIN}"; \
  rustc --version; \

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/cyberstrike/README.md:236

# Linux / macOS (curl)
curl -fsSL https://cyberstrike.io/install | bash
```

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/packages/cyberstrike/src/installation/index.ts:135

      case "curl":
        cmd = $`curl -fsSL https://cyberstrike.io/install | bash`.env({
          ...process.env,

Why was this flagged?

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/CyberStrikeus/CyberStrike)](https://sigilsec.ai/scans/CD301CB8-39E3-400E-ADC7-026E69D8D9BF)

HTML

<a href="https://sigilsec.ai/scans/CD301CB8-39E3-400E-ADC7-026E69D8D9BF"><img src="https://sigilsec.ai/badge/github/CyberStrikeus/CyberStrike" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh

Read the docs →Free. Apache 2.0.

Early Access

Get cloud scanning, threat intel, and CI/CD integration.

Join 150+ developers on the waitlist.

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other github scans

paulburgess1357/nvim-mcp

v2026-04-10

CRITICAL RISK215

Tuee22/studioMCP

v2026-04-10

MEDIUM RISK13

pmady/pavan-profile-mcp

v2026-04-10

MEDIUM RISK16

alyiox/mcp-clickhousex

v2026-04-10

LOW RISK6

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot

← Back to Scan Database

CyberStrikeus/CyberStrike

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Obfuscation

Network / Exfiltration

Credentials

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other github scans