First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
8
Score
0/100
Findings (8)
Detects patterns of downloading and piping to shell execution
curl \| bashDownload the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.
Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.
Detects downloading scripts piped directly to a shell interpreter
curl \| bashDownload the script first, inspect it, verify its checksum, then run it. Do not pipe curl/wget output directly to sh/bash. Prefer package manager installs.
Likely FP if the download is from a well-known installer domain (e.g., brew.sh, rustup.rs), though this pattern is inherently risky even with trusted sources.
Detects common reverse shell patterns across multiple languages
bash -i >& /dev/tcp/Audit post-install scripts (postinstall, preinstall hooks) in dependencies. Block or sandbox post-install script execution, especially for packages added by skill instructions.
Likely FP if the post-install hook runs a standard build step (e.g., compiling native modules with node-gyp) for a well-known package.
Detects patterns of downloading and piping to shell execution
curl | bashDownload the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.
Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.
Detects instructions to decode and execute base64 content
Base64 execution chains, hex escapes with evalRemove text that simulates multi-turn conversations or fake user/assistant message pairs. These patterns attempt to manipulate the agent by fabricating conversation history.
Likely FP if the matched text is documentation showing example conversations or API request/response formats for illustration purposes.
Detects cron jobs or scheduled tasks that execute commands
crontab editing, SSH Validate cron expressions and scheduled commands against an allowlist. Ensure scheduled tasks cannot be modified by untrusted input and log all cron job changes.
Likely FP if the match is a documentation reference to crontab syntax or a short mention of cron in a description of scheduling concepts.
Detects outbound connections to non-standard ports
/dev/tcp/192.168.1.100/4444Restrict network connections to standard ports (80, 443) and explicitly allowlisted service ports. Block connections to unusual ports that could indicate covert channels.
Likely FP if the non-standard port is localhost (127.0.0.1) used for local development servers (e.g., port 3000, 8080, 5432 for a local database).
Detects chained commands using shell operators with dangerous operations
curl \| bashBreak chained commands into discrete, individually validated steps. Avoid piping untrusted output directly into a shell interpreter.
Likely FP if the matched text is a documentation example showing a common installer one-liner for a well-known tool with a canonical URL.