AntFleet

Anatomy · 219fd253-1

Repository path inconsistency between REST and Git Smart HTTP docs

low · docs-gap
repo a16d2030 · PR #3 · reviewed 1 week ago

The vulnerable code

Code snippet unavailable.

The reasoning

Opus

setup.sh pipes remote install script to shell without verification

high · security · high
  • gitlawb/scripts/setup.sh:11-13
The setup script downloads and executes an arbitrary remote shell script with no checksum, signature, or pinned-version verification. Anyone able to MITM or compromise gitlawb.com (or its TLS chain) can achieve arbitrary code execution on every user running setup.sh. Because setup.sh is in `scripts/` and intended to be run by users/agents onboarding to the skill, this propagates the risk to every consumer of the skill. The README documents the same pattern, but inside an automated helper script the risk is materially worse: agents may run setup.sh without the user reading it. At minimum a checksum verification step (download to tempfile, verify sha256, then execute) should be used; ideally prefer the npm or Homebrew install paths which are already documented as alternatives in SKILL.md.

Recommendation

Either (a) replace the curl|sh with `npm install -g @gitlawb/gl` (already listed as the recommended install method in SKILL.md), or (b) download install.sh to a temp file, verify a pinned SHA-256 published out-of-band, and only then execute. Also fail closed if the download fails (currently `set -euo pipefail` will catch curl failures, but the piped `sh` masks the exit code on some shells — use `set -o pipefail` explicitly and check `${PIPESTATUS[@]}`).

GPT-5

Insecure install pipeline via curl | sh without integrity verification

high · security · high
  • gitlawb/SKILL.md:47-49
  • gitlawb/scripts/setup.sh:12
Both the public docs and the setup script instruct or perform a direct remote script execution (curl | sh) over HTTPS with no checksum, signature, or pinning. This is a common supply-chain risk: a compromised endpoint or transit MITM could lead to arbitrary code execution. While TLS reduces risk, best practice is to verify integrity/signature or use a package manager.

Recommendation

- Prefer package managers (npm or Homebrew) already listed in SKILL.md.
- If retaining a shell installer, download to disk and verify integrity before execution (e.g., pinned SHA-256 or a detached signature with a published key), then execute the verified file. Example flow: curl -fsSL -o /tmp/gl-install.sh <url>; sha256sum -c <expected_sum_file>; sh /tmp/gl-install.sh.
- In setup.sh, branch to npm install -g @gitlawb/gl or brew install gl when available, and only fall back to a verified installer.
- Document the verification step in SKILL.md to guide users to safer installation.

The agreement

Both frontier models flagged this within the same line range. AntFleet's unanimous gate fired — the finding posted on the PR.
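
The download, verify, then execute flow that both findings recommend, as an added example (not code from the gitlawb repository or from either reviewer). The function names, temp paths and sample installer are constructed for illustration, and the pin here is derived from the constructed known-good file only so the demo runs offline.

```shell
#!/bin/sh
# Added example. Function names, file names and the sample installer are
# constructed for illustration; they are not taken from the gitlawb repo.

# Print the SHA-256 hex digest of file $1 (empty output if no tool works).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" 2>/dev/null | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" 2>/dev/null | awk '{print $1}'
    fi
}

# Execute file $1 with sh only when its digest equals the pinned value $2.
# Fails closed: an empty pin, an empty or missing file, a missing hash tool
# or a digest mismatch all return non-zero without running anything.
run_if_pinned() {
    rip_file=$1
    rip_pin=$2
    if [ -z "$rip_pin" ] || [ ! -s "$rip_file" ]; then
        echo "refusing: missing pin or empty download" >&2
        return 2
    fi
    rip_actual=$(sha256_of "$rip_file")
    if [ -z "$rip_actual" ] || [ "$rip_actual" != "$rip_pin" ]; then
        echo "refusing: sha256 mismatch for $rip_file" >&2
        return 3
    fi
    sh "$rip_file"
}

# Demo on a constructed installer. In real use the file comes from
#   curl -fsSL -o "$tmp/install.sh" <url>
# and the pin is a literal committed to the repo after being obtained
# out-of-band, never computed from the download itself.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'echo ran > "%s/marker"\n' "$tmp" > "$tmp/install.sh"
    pin=$(sha256_of "$tmp/install.sh")     # stands in for the published pin
    run_if_pinned "$tmp/install.sh" "$pin" && echo "verified copy executed"
    echo 'echo tampered >> "'"$tmp"'/marker"' >> "$tmp/install.sh"
    run_if_pinned "$tmp/install.sh" "$pin" || echo "modified copy rejected ($?)"
    cat "$tmp/marker"                      # the tampered line never ran
    rm -rf "$tmp"
}
demo
```

Because the script is hashed on disk and then run from that same file, the bytes executed are the bytes checked, which a `curl | sh` pipeline cannot guarantee.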

Closure
