codehooks-backend

clawhub:codehooks-backend

View source

100/100

First Seen

Feb 19, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Global package installation EXTDL_004

external-download L33

Detects global installation of packages which affects the host system

npm install -g c

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

Clipboard access with network EXFIL_006

exfiltration L63

Detects clipboard access combined with network operations

pbcopy + nc

FIX

Restrict DNS queries to legitimate resolution. Block the construction of DNS names that encode arbitrary data (DNS tunneling). Monitor for unusually long or high-entropy subdomains.

FP?

Likely FP if the match is a documentation reference to DNS lookup functionality for legitimate hostname resolution.