First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 100/100
Findings (2)
Detects git clone of repositories followed by execution of cloned content
git clone https://github.com/suhteevah/claude-local-bridge.git + cd claude-local-bridge
pip install
Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/suhteevah/claude-local-bridge/blob/main/tunnel.md).
Pin GitHub raw.githubusercontent.com references to commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.