herobrine

[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The code enables convenient scheduled automation of headless model runs but does so by design choices that materially increase the risk of data exfiltration and unintended privileged actions: autonomous runs with --dangerously-skip-permissions, delegated network delivery by the spawned model, invocation of arbitrary skills, and persistent launchd scheduling. I assess this as a high-risk tool for general-purpose use. It is not demonstrably malware in itself, but it should only be used in tightly controlled, isolated environments with careful auditing of created launchd plists, prompts, and logs. Avoid referencing sensitive files/credentials in prompts and consider replacing model-driven delivery with an auditable local delivery mechanism. LLM verification: SUSPICIOUS — The skill's declared purpose (scheduled autonomous prompts) aligns with its capabilities, but the combination of headless execution using --dangerously-skip-permissions, arbitrary prompt content (including local paths and skill invocations), persistent scheduled execution via launchd, and automatic delivery to an external chat (Beeper/MCP) creates a high-risk capability for credential or data exfiltration and unintended privileged actions. The manifest shows no safeguards (sandboxin