AntFleet

Receipt · 219fd253-0

setup.sh pipes remote install script to shell without verification

security · high · closed in 24c537d · closed in 19 hours
repo a16d2030 · PR #3 · reviewed 1 week ago · 1 week ago

The finding

  • gitlawb/scripts/setup.sh:11-13
The setup script downloads and executes an arbitrary remote shell script with no checksum, signature, or pinned-version verification. Anyone able to MITM or compromise gitlawb.com (or its TLS chain) can achieve arbitrary code execution on every user running setup.sh. Because setup.sh is in `scripts/` and intended to be run by users/agents onboarding to the skill, this propagates the risk to every consumer of the skill. The README documents the same pattern, but inside an automated helper script the risk is materially worse: agents may run setup.sh without the user reading it. At minimum a checksum verification step (download to tempfile, verify sha256, then execute) should be used; ideally prefer the npm or Homebrew install paths which are already documented as alternatives in SKILL.md.

Fix

Either (a) replace the curl|sh with `npm install -g @gitlawb/gl` (already listed as the recommended install method in SKILL.md), or (b) download install.sh to a temp file, verify a pinned SHA-256 published out-of-band, and only then execute. Also fail closed if the download fails (currently `set -euo pipefail` will catch curl failures, but the piped `sh` masks the exit code on some shells — use `set -o pipefail` explicitly and check `${PIPESTATUS[@]}`).
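One way to implement option (b), added here as an example and not the gitlawb project's own setup.sh: the installer is written to a temp file, its SHA-256 is compared against a pinned digest, and only then is it executed. INSTALL_URL and INSTALL_SHA256 are placeholders, and the script assumes curl plus either sha256sum or shasum are on the PATH.

```shell
#!/usr/bin/env bash
# Added example, not the gitlawb project's own setup.sh: download the installer to a
# temp file, verify a pinned SHA-256 published out-of-band, and only then execute it.
# INSTALL_URL and INSTALL_SHA256 are placeholders; the real values come from the
# project's release notes, never from the same server that serves the script.
INSTALL_URL="${INSTALL_URL:-https://example.invalid/install.sh}"
INSTALL_SHA256="${INSTALL_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# sha256_of FILE: print the lowercase hex digest (GNU coreutils or BSD/macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_run FILE EXPECTED: execute FILE with sh only if its digest matches EXPECTED.
# Fails closed: on mismatch nothing is executed and the function returns 2.
verify_and_run() {
  file="$1"; expected="$2"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: sha256 $actual != pinned $expected" >&2
    return 2
  fi
  sh "$file"
}

# fetch_verify_run URL EXPECTED: curl to a temp file, then verify_and_run.
# Because sh is never on the receiving end of a pipe, curl's own exit status decides
# whether the download failed; there is no pipeline status for a shell to mask.
fetch_verify_run() {
  url="$1"; expected="$2"
  tmp="$(mktemp)" || return 1
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
    echo "download of $url failed; nothing executed" >&2
    rm -f "$tmp"
    return 1
  fi
  verify_and_run "$tmp" "$expected"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (uncomment to run for real): fetch_verify_run "$INSTALL_URL" "$INSTALL_SHA256"
```

A digest mismatch leaves the downloaded file unexecuted and returns a distinct exit code, so an agent calling this from a larger script cannot silently proceed past a tampered installer.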

Agent attribution

The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.

anthropic · gpt-5 · 66.1s · error

openai · claude-opus-4-7 · 164.2s · error

Total · 164.2s wall-clock review time · $0.40 est. inference cost

Sweeper

closed at SHA 24c537d

closed in 19 hours

internal review id · 219fd253

Third-party witnesses

Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.