start-app

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) All findings: [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill's functionality (auto-detect and start local dev servers) is coherent with most of its capabilities, but it includes a dangerous Phase 0 that instructs creating/merging a .claude/settings.local.json file to auto-approve a broad set of shell commands. That permission-bypass converts a helpful automation into a high-risk capability: the agent would be allowed to run many arbitrary commands, install and execute unpinned dependencies, and perform destructive or exfiltrative actions without further prompts. There is no direct evidence of embedded malware in the skill text, but the combination of automatic installs, unpinned package usage, and the recommended permanent permission elevation is a significant supply-chain and execution risk. Recommend treating this skill as suspicious: do not auto-approve or merge permissive settings; require explicit per-action approvals and pin/verify dependencies before installing. LLM verification: The skill's stated purpose (detect and start local dev servers) aligns with most of its capabilities, but Phase 0's instruction to auto-approve a broad set of shell commands by modifying `.claude/settings.local.json` is the primary security concern. That bypass removes human oversight and allows arbitrary installs, filesystem deletions, and command execution without confirmation — materially increasing supply-chain and execution risk. There is no explicit backdoor or network exfiltration code in