ghost-proxy
Audited by Socket on Feb 20, 2026
1 alert found:
Malware [Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] command_injection: Reference to external script with install/setup context (SC005)

The skill/instructions describe a legitimate MITM proxy for security testing whose capabilities match its stated purpose. There are no explicit signs of covert exfiltration or obfuscated malware in the provided text. However, it has inherent dangers: it intercepts sensitive data (by design), the install method (curl|bash from raw.githubusercontent.com) is a supply-chain risk, and the documentation recommends disabling TLS verification. Recommend caution: review the installer script before running, restrict proxy scope carefully, use ephemeral test environments, and protect the ~/.reaper database. Overall risk is moderate due to the tool's nature and install method rather than evidence of malicious code.

LLM verification: This skill documents a legitimate MITM proxy for security testing. The primary supply-chain and operational risks are the use of a pipe-to-shell installer fetched from GitHub raw content without integrity checks and the inherent sensitivity of captured traffic stored locally. There is no direct evidence in the provided documentation of malicious code, exfiltration, obfuscation, or hard-coded secrets, but executing an unverified remote installer could introduce such risks. Treat the installer pat