sickn33/antigravity-awesome-skills/supabase-automation

Summary

sickn33/antigravity-awesome-skills/supabase-automation v was classified as CRITICAL RISK with a risk score of 15099. Sigil detected 1467 findings across 4266 files, covering phases including provenance, network exfiltration, install hooks, code patterns, obfuscation, credential access. Review the findings below before installing this package.

CRITICAL RISK (15099)
Version: v
20 March 2026, 23:26 UTC, by Sigil Bot

Risk Score: 15099
Findings: 1467
Files Scanned: 4266

Findings by Phase

Phases are ordered by criticality, with the most dangerous at the top.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/docs/contributors/quality-bar.md:53
Matched lines:
- command pipelines like `curl ... | bash`, `wget ... | sh`, `irm ... | iex`,
- inline token/secret-style command examples,

Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/docs/contributors/skill-template.md:60
Matched lines:
- If this skill includes shell commands, command-like examples, network fetches, token/capability strings, or direct mutation guidance, add explicit preconditions and caveats.
- For deliberate risky examples (for example `curl ... | bash`, `wget ... | sh`, credential examples), include a reviewer-visible reason and add an allowlist comment:
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/docs/maintainers/security-findings-triage-2026-03-15.csv:5
Matched lines:
https://chatgpt.com/codex/security/findings/e01a4ba9a89c8191aff2edc3fa7e28ac,sickn33/antigravity-awesome-skills,https://github.com/sickn33/antigravity-awesome-skills,Symlink-following copy leaks host files in setup_web,"The updated copy routine in scripts/setup_web.js now uses fs.statSync, which follows symlinks, and copies targets as regular files or directories. This lets a malicious skill entry be a symlink to any file on the build host (e.g., ~/.ssh/id_rsa or CI secrets). When npm run app:se
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/docs/users/faq.md:237
Matched lines:
- Replace risky examples like `curl ... | bash`, `wget ... | sh`, `irm ... | iex` with safer alternatives.
- Remove or redact token-like command-line examples.
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/algorithmic-art/templates/generator_template.js:53
Matched lines:
function setup() {
    createCanvas(800, 800);

Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/apify-actor-development/SKILL.md:25
Matched lines:
## Prerequisites & Setup (MANDATORY)
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/apify-actor-development/SKILL.md:39
Matched lines:
> **Security note:** Do NOT install the CLI by piping remote scripts to a shell
> (e.g. `curl … | bash` or `irm … | iex`). Always use a package manager.
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/audit-skills/SKILL.md:82
Matched lines:
- **Persistence**: `reg add` (Run keys), `schtasks`, `crontab`, `launchctl` (macOS), `systemd` units.
- **Tubes**: `curl ... | bash`, `iwr ... | iex`.
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/bun-development/SKILL.md:33
Matched lines:
# macOS / Linux
curl -fsSL https://bun.sh/install | bash
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/bun-development/SKILL.md:591
Matched lines:
# 1. Install Bun
curl -fsSL https://bun.sh/install | bash
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/claude-code-expert/SKILL.md:353
Matched lines:
      "Bash(sudo *)",
      "Bash(curl * | bash)"
    ]
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/cloud-penetration-testing/SKILL.md:32
Matched lines:
# GCP CLI
curl https://sdk.cloud.google.com | bash
gcloud init
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/evolution/SKILL.md:34
Matched lines:
# Install makepad-skills with hooks enabled
curl -fsSL https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh | bash -s -- --with-hooks
```
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/linkerd-patterns/SKILL.md:75
Matched lines:
# Install CLI
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/linux-privilege-escalation/SKILL.md:147
Matched lines:
# LinPEAS
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:729
Matched lines:
    "instance_id": "mwaskom__seaborn-3190",
    "model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch changes 
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:904
Matched lines:
    "instance_id": "pytest-dev__pytest-7490",
    "model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the stric
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:737
Matched lines:
      "instance_id": "mwaskom__seaborn-3190",
      "model_patch": "I found the exact patch. The fix is very simple - just wrap `axis.convert_units((vmin, vmax))` with `map(float, ...)` to ensure the values are converted to floats before the subtraction.\n\nNow I need to format this as a proper unified diff patch. The issue is about the bug before the fix was applied, so I need to generate the patch that transforms the old code to the new code.\n\nBased on the GitHub API response, the patch chan
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:912
Matched lines:
      "instance_id": "pytest-dev__pytest-7490",
      "model_patch": "Based on my knowledge of pytest and the issue description, I can analyze this problem:\n\nThe issue is that in pytest 6.0.0rc0, dynamically adding an `xfail` marker using `request.node.add_marker(mark)` no longer ignores the test failure as it did in pytest 5.x.\n\nThe hint mentions commit c9737ae914891027da5f0bd39494dd51a3b3f19f caused this regression. This commit was related to evaluating xfail markers at call time for the s
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:874
Matched lines:
    "instance_id": "mwaskom__seaborn-3190",
    "model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n     def _setup(\n         self, data: Series, prop: Property, axis: Axis | None = None,\n     ) -> Scale:\n+        # Convert boolean data to object dtype for consistent categorical handling\n+        if data.dtype == bool:\n+            data = data.astype(object)\n \n         new = copy(self)\n         if self._tick_params is Non
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1282
Matched lines:
    "instance_id": "sphinx-doc__sphinx-8273",
    "model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.console 
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:882
Matched lines:
      "instance_id": "mwaskom__seaborn-3190",
      "model_patch": "--- a/seaborn/_core/scales.py\n+++ b/seaborn/_core/scales.py\n@@ -96,6 +96,9 @@ class Nominal(Scale):\n     def _setup(\n         self, data: Series, prop: Property, axis: Axis | None = None,\n     ) -> Scale:\n+        # Convert boolean data to object dtype for consistent categorical handling\n+        if data.dtype == bool:\n+            data = data.astype(object)\n \n         new = copy(self)\n         if self._tick_params is
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-pip-setup-exec [CRITICAL]: setup.py executes code at install time
File: repo/skills/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1290
Matched lines:
      "instance_id": "sphinx-doc__sphinx-8273",
      "model_patch": "Based on the issue and architect's analysis, I need to generate a patch for Sphinx's man page builder. Since the actual Sphinx repository isn't present in the provided directory, I'll generate the patch based on the standard Sphinx codebase structure and the architect's guidance.\n\n```\n--- a/sphinx/builders/manpage.py\n+++ b/sphinx/builders/manpage.py\n@@ -26,7 +26,7 @@ from sphinx.util import logging\n from sphinx.util.cons
Why was this flagged? Same rationale as the first install-pip-setup-exec finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/uv-package-manager/resources/implementation-playbook.md:54
Matched lines:
# macOS/Linux
curl -LsSf https://astral.sh/uv/install.sh | sh
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/varlock/SKILL.md:88
Matched lines:
# Install Varlock CLI
curl -sSfL https://varlock.dev/install.sh | sh -s -- --force-no-brew
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/skills/varlock/SKILL.md:243
Matched lines:
# Install Varlock in container
RUN curl -sSfL https://varlock.dev/install.sh | sh -s -- --force-no-brew \
    && ln -s /root/.varlock/bin/varlock /usr/local/bin/varlock
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/tools/scripts/tests/docs_security_content.test.js:86
Matched lines:
    id: 'curl-pipe-bash',
    message: 'curl ... | bash|sh',
    regex: /\bcurl\b[^\n]*\|\s*(?:bash|sh)\b/i,
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

install-makefile-curl [HIGH]: Makefile/script pipes remote content to shell
File: repo/tools/scripts/tests/docs_security_content.test.js:91
Matched lines:
    id: 'wget-pipe-sh',
    message: 'wget ... | sh',
    regex: /\bwget\b[^\n]*\|\s*sh\b/i,
Why was this flagged? Same rationale as the first install-makefile-curl finding above.

Badge

Sigil scan badge for skills/sickn33/antigravity-awesome-skills/supabase-automation

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/skills/sickn33/antigravity-awesome-skills/supabase-automation)](https://sigilsec.ai/scans/F416C3B2-1EEC-4A21-B6F7-87A5FFD5C614)

HTML

<a href="https://sigilsec.ai/scans/F416C3B2-1EEC-4A21-B6F7-87A5FFD5C614"><img src="https://sigilsec.ai/badge/skills/sickn33/antigravity-awesome-skills/supabase-automation" alt="Sigil Scan"></a>
