First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
9
Score
47/100
Findings (9)
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
setuidAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
setuidAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.
Detects privilege escalation patterns like setuid, chown root, or sudo with shell commands
setuidAvoid depending on packages that could be subject to typosquatting or name confusion. Verify package ownership, check download counts, and audit the package source before adding dependencies.
Likely FP if the flagged package is a well-known, high-download-count package from a verified publisher.
Detects pulling and running Docker images from external registries
docker
pull mcr.microsoft.com/playwrightPin Docker images to a specific digest (e.g., image@sha256:abc...) instead of using mutable tags like :latest. Use trusted base images from verified publishers.
Likely FP if the Docker command pulls a well-known official image (e.g., docker pull python:3.11) in setup documentation.
Detects pip install of arbitrary packages that modify the host environment
pip
install
plPin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.
Detects execution of shell script files via bash/sh command or direct invocation
sh
~/.claude/skills/playwright-local/scripts/install-browsers.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects global installation of packages which affects the host system
npm
install
-g
@Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.
Detects MCP server configs using npx to run packages without version pinning
"command"
:
"npx"Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.
Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.
Detects system-level package installation via brew, apt, yum, or dnf
apt-get
install
lPin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.