First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
84/100
Findings (4)
Detects outbound connections to non-standard ports
http://127.0.0.1:8888Restrict network connections to standard ports (80, 443) and explicitly allowlisted service ports. Block connections to unusual ports that could indicate covert channels.
Likely FP if the non-standard port is localhost (127.0.0.1) used for local development servers (e.g., port 3000, 8080, 5432 for a local database).
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
sudo chmodAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.
Detects pip install of arbitrary packages that modify the host environment
pip3 install spPin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.
Detects outbound connections to non-standard ports
http://127.0.0.1:8888Restrict network connections to standard ports (80, 443) and explicitly allowlisted service ports. Block connections to unusual ports that could indicate covert channels.
Likely FP if the non-standard port is localhost (127.0.0.1) used for local development servers (e.g., port 3000, 8080, 5432 for a local database).