slidespeak

clawhub:slidespeak

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Unscoped Bash tool in allowed tools INDIRECT_010

command-execution L4

Detects skills that include unscoped Bash in their allowed tools list (not Bash(cmd:*) scoped)

allowed-tools: Bash

FIX

Scope the Bash tool to specific commands using allowedTools patterns (e.g., Bash(git *) instead of bare Bash). Remove blanket Bash access from allowed_tools lists.

FP?

Likely FP if the Bash entry in allowed_tools is part of a constrained configuration that limits commands elsewhere (e.g., via system prompt restrictions).

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L71

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get your API key from https:// + settings

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.