gstack
gstack · v1.1.0 · by
62.8
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 40.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 20.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 75.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 40
[CRITICAL] Remote code download and execution via curl pipe
(line 106)
3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
[CRITICAL] Remote script download piped to shell execution
(line 106)
3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 106)
3. If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`
CREDENTIAL — Score: 20
[CRITICAL] Browser credential or cookie file access
(line 244)
# Import cookies from your real browser (opens interactive picker)
[CRITICAL] Browser credential or cookie file access
(line 371)
| `cookie-import-browser [browser] [--domain d]` | Import cookies from Comet, Chrome, Arc, Brave, or Edge (opens picker,
TYPOSQUAT — Score: 75
[HIGH] 'gstack' is 2 edit(s) from 'slack'