First Seen
Feb 20, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
55/100
Findings (3)
Skill can read private data AND execute arbitrary code. This combination enables credential theft via dynamic code.
[reads_private_data] /etc/passwd + [executes_code] exec(Add input validation between the user-controlled data source and the security-sensitive sink (e.g., file writes, command execution). Implement allowlisting for acceptable input patterns.
Likely FP if the user input passes through explicit validation or sanitization before reaching the sensitive operation, and the taint tracker missed the sanitization step.
Detects DNS-based data exfiltration techniques
DNS exfilLimit clipboard access to write-only operations or require explicit user confirmation before reading clipboard contents. Block transmission of clipboard data to external endpoints.
Likely FP if the skill is a clipboard manager whose documented purpose is to sync clipboard content with the user's own devices.
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
setuidAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.