agentguard
jjy-agentguard · v · by
54.9
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 10.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 70.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 5.0 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 22)
curl -fsSL https://www.agentguard.site/download/install.sh | sh
[CRITICAL] Remote code download and execution via curl pipe
(line 70)
- Install: `curl -fsSL https://www.agentguard.site/download/install.sh | sh`
[CRITICAL] Remote script download piped to shell execution
(line 22)
curl -fsSL https://www.agentguard.site/download/install.sh | sh
[CRITICAL] Remote script download piped to shell execution
(line 70)
- Install: `curl -fsSL https://www.agentguard.site/download/install.sh | sh`
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 10
[CRITICAL] Instructs user to disable security features
(line 28)
Four-layer protection ensuring agents cannot bypass security:
[CRITICAL] Instructs user to disable security features
(line 65)
1. **Must use `ag_*` tools** for all command, file, and network operations. Do not use native `exec`, `read`, `write`, `
INFRASTRUCTURE — Score: 70
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 82)
Audit logs viewable at: **http://127.0.0.1:19821**
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 22)
curl -fsSL https://www.agentguard.site/download/install.sh | sh
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 70)
- Install: `curl -fsSL https://www.agentguard.site/download/install.sh | sh`
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.