Is Shubhamsaboo/awesome-llm-apps safe?
https://github.com/Shubhamsaboo/awesome-llm-apps
The Shubhamsaboo/awesome-llm-apps repository is a widely-used public educational collection of LLM application examples, agent frameworks, and professional assistant skills. All SKILL.md files contain legitimate, benign skill definitions with no prompt injection, persona hijacking, or instruction-override patterns. Canary file reads detected during monitoring were definitively attributed to the Oathe audit infrastructure's own verification routine (confirmed via correlated auditd EXECVE records), all honeypot files remained intact, and network traffic was limited exclusively to the expected GitHub clone connection. Minor concerns include postinstall npm hooks in sub-application packages, an e2b cloud sandbox dependency, a self-improving skills backend that can modify skill files, and social media scraper implementations—all of which are educational in intent and consistent with a demonstration repository of this nature.
Findings (6)
MEDIUM Postinstall NPM Hooks Execute Code Automatically on Install -10
Three package.json files within the repository contain postinstall lifecycle hooks that automatically execute shell commands or Node scripts when npm install is run in their respective directories. The mcp-use-server hook runs 'mcp-use generate-types' for TypeScript codegen; the coach agent and starter project hooks run shell scripts that create Python virtualenvs and install pip dependencies. These are legitimate application setup operations but represent auto-executed code.
MEDIUM Canary File Read Events Captured — Attributed to Audit Infrastructure -15
Filesystem monitoring recorded read access to six honeypot credential files at 02:38:30 (inotifywait) and timestamp 1783046336.890 (auditd). Analysis of subsequent audit log entries confirms these reads were performed by the Oathe canary verification script (identified by grep searching for key='oathe-exec' in /var/log/audit/audit.log, executed at 1783046336.891). All canary files remained unmodified. No corresponding outbound network traffic to attacker infrastructure was observed.
LOW e2b Cloud Sandbox Dependency Enables Remote Code Execution Capabilities -8
The mcp-use-server and ai-mcp-app-builder web applications depend on the 'e2b' package (v2.13.0+), which is an SDK for provisioning and interacting with cloud-hosted code execution sandboxes. While it is used legitimately to demonstrate AI-driven code generation in a sandboxed environment, this dependency provides a pathway to execute arbitrary code in remote cloud infrastructure.
LOW Self-Improving Agent Skills Backend Can Programmatically Modify Skill Files -12
The self-improving-agent-skills component includes a FastAPI backend (adk_optimizer.py, app.py) that accepts uploaded SKILL.md files, processes them through an LLM optimization pipeline, and produces modified output. If deployed without strict access controls, this backend could be used to introduce malicious instructions into skill files that would later be trusted by agents consuming those skills.
LOW Social Media Scrapers with Browser Automation -5
The ai_news_and_podcast_agents (Beifong) project contains browser-automation-based scrapers for X (Twitter) and Facebook that can extract posts, user data, and analytics. These are presented as educational examples for building news aggregation pipelines but represent broad data collection capabilities.
INFO Deprecated Skill Descriptions Reference External npx Install Command 0
The chatgpt-app-builder and mcp-builder SKILL.md files are marked DEPRECATED in their description fields and instruct users to run 'npx skills install mcp-use/mcp-use --skill mcp-app-builder'. This content appears in the YAML front-matter description field only — it is informational metadata, not executable code that would be injected into an agent prompt.