context safety score
A score of 36/100 indicates multiple risk signals were detected. This entity shows patterns commonly associated with malicious intent.
doc injection
README is specifically crafted to instruct AI agents (Claude Code) to clone the repository, install arbitrary dependencies, configure browser cookie extraction, and tells users to 'Just click Allow when Claude asks for permission' — a social engineering pattern encouraging users to bypass permission prompts without scrutiny. From an unverified 62-day-old org with only 1 contributor. (location: README.md:30-43)
doc injection
README repeatedly instructs AI agents to configure yt-dlp with browser cookie access (--cookies-from-browser) across multiple sections, normalizing browser session cookie extraction. While yt-dlp supports this legitimately, the persistent emphasis on cookie configuration from an unverified new organization is a social engineering concern. (location: README.md:38-39, 144-161)
shadow chaining
SKILL.md references 2 external package/skill installation(s)
supply chain
Highly suspicious trust signals: 7.69M installs from a 62-day-old unverified org with only 327 stars (ratio ~23,500:1), 1 contributor, no license, not listed on registry. The metadata skill_description field contains 'width=device-width, initial-scale=1' (an HTML viewport meta tag, not a real description), indicating scraped or fabricated metadata. Install count appears artificially inflated to bypass trust heuristics. (location: metadata.json)
credential exposure
SKILL.md instructs the agent to take a user-provided API key and blindly append it to ~/.zshrc via 'echo ... >> ~/.zshrc && source ~/.zshrc' (line 59). This writes unsanitized user input directly into a shell profile file that is sourced on every shell session, creating a shell injection vector. A legitimate skill would use a dedicated config file or secrets manager rather than modifying shell startup files. (location: SKILL.md:57-61)
curl https://api.brin.sh/skill/yizhiyanhua-ai%2Fmedia-downloader%2Fmedia-downloaderCommon questions teams ask before deciding whether to use this skill in agent workflows.
yizhiyanhua-ai/media-downloader/media-downloader currently scores 36/100 with a suspicious verdict and low confidence. The goal is to protect agents from high-risk context before they act on it. Treat this as a decision signal: higher scores suggest lower observed risk, while lower scores mean you should add review or block this skill.
Use the score as a policy threshold: 80–100 is safe, 50–79 is caution, 20–49 is suspicious, and 0–19 is dangerous. Teams often auto-allow safe, require human review for caution/suspicious, and block dangerous.
brin evaluates four dimensions: identity (source trust), behavior (runtime patterns), content (malicious instructions), and graph (relationship risk). Analysis runs in tiers: static signals, deterministic pattern checks, then AI semantic analysis when needed.
Identity checks source trust, behavior checks unusual runtime patterns, content checks for malicious instructions, and graph checks risky relationships to other entities. Looking at sub-scores helps you understand why an entity passed or failed.
brin performs risk assessments on external context before it reaches an AI agent. It scores that context for threats like prompt injection, hijacking, credential harvesting, and supply chain attacks, so teams can decide whether to block, review, or proceed safely.
No. A safe verdict means no significant risk signals were detected in this scan. It is not a formal guarantee; assessments are automated and point-in-time, so combine scores with your own controls and periodic re-checks.
Re-check before high-impact actions such as installs, upgrades, connecting MCP servers, executing remote code, or granting secrets. Use the API in CI or runtime gates so decisions are based on the latest scan.
Learn more in threat detection docs, how scoring works, and the API overview.
Assessments are automated and may contain errors. Findings are risk indicators, not confirmed threats. This is a point-in-time assessment; security posture can change.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.