Aguara Watch

sandbox-agent

skills-sh:rivet-dev_skills__sandbox-agent

View source
C
50/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

5

Score

50/100

CRITICAL 2
LOW 3

Findings (5)

CRITICAL
Download-and-execute
L100

Detects patterns of downloading and piping to shell execution

curl

Install and run the binary directly.

```bash
curl -fsSL https://releases.rivet.dev/sandbox-agent/0.2.x/install.sh | sh
FIX

Download the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.

FP?

Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.

CRITICAL
Curl or wget piped to shell
L100

Detects downloading scripts piped directly to a shell interpreter

curl

Install and run the binary directly.

```bash
curl -fsSL https://releases.rivet.dev/sandbox-agent/0.2.x/install.sh | sh
FIX

Download the script first, inspect it, verify its checksum, then run it. Do not pipe curl/wget output directly to sh/bash. Prefer package manager installs.

FP?

Likely FP if the download is from a well-known installer domain (e.g., brew.sh, rustup.rs), though this pattern is inherently risky even with trusted sources.

LOW
Docker environment credentials
L85

Detects Docker or docker-compose commands passing credentials via environment variables

docker run -e ANTHROPIC_API_KEY=
FIX

Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.

FP?

Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.

LOW
Chained shell command execution
L100

Detects chained commands using shell operators with dangerous operations

curl

Install and run the binary directly.

```bash
curl -fsSL https://releases.rivet.dev/sandbox-agent/0.2.x/install.sh | sh
FIX

Break chained commands into discrete, individually validated steps. Avoid piping untrusted output directly into a shell interpreter.

FP?

Likely FP if the matched text is a documentation example showing a common installer one-liner for a well-known tool with a canonical URL.

LOW
Global package installation
L130

Detects global installation of packages which affects the host system

npm install -g @
FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.