First Seen
Feb 20, 2026
Last Scanned
Feb 20, 2026
Findings
2
Score
100/100
Findings (2)
Detects skills that include unscoped Bash in their allowed tools list (not Bash(cmd:*) scoped)
allowed-tools: Read, Grep, Bash,Scope the Bash tool to specific commands using allowedTools patterns (e.g., Bash(git *) instead of bare Bash). Remove blanket Bash access from allowed_tools lists.
Likely FP if the Bash entry in allowed_tools is part of a constrained configuration that limits commands elsewhere (e.g., via system prompt restrictions).
Detects system-level package installation via brew, apt, yum, or dnf
brew install fPin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.