agent-defibrillator

clawhub:agent-defibrillator

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Git clone and execute chain SUPPLY_012

supply-chain L22

Detects git clone of repositories followed by execution of cloned content

git clone https://github.com/hazy2go/agent-defibrillator.git + cd agent-defibrillator
./install.sh

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.

LOW

Shell script file execution CMDEXEC_013

command-execution L24

Detects execution of shell script files via bash/sh command or direct invocation

./install.sh

FIX

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

FP?

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.