vibekanban
Fail
Audited by Snyk on Apr 20, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The documentation describes intentionally unsafe defaults and features: executors run with "dangerously_skip_permissions"/"--yolo", "danger-full-access" sandboxes, MCP/remote-access endpoints (pairing codes, npx --mcp), a PTY-backed integrated terminal, arbitrary attachment upload and proxying, persistent changes to agent configuration, and options that disable cleanup. Each is a product feature on its own; taken together they create clear avenues for remote code execution, credential and data exfiltration, and backdoor-like remote control if abused.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly instructs the agent to run the package from the registry at runtime (e.g. "npx vibe-kanban" and the MCP example "npx vibe-kanban@latest --mcp"). Neither invocation pins a version, so each run fetches and executes whatever the npm registry currently serves for that package (source repository: https://github.com/BloopAI/vibe-kanban). This is a runtime external dependency that executes remote code and cannot be verified before it runs.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt states explicitly that agents run with "--dangerously-skip-permissions"/"--yolo" and that agents "can still perform system-level actions". Running with permission prompts disabled bypasses the safeguards that would otherwise gate such actions and risks unreviewed changes to host system state.
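As an added illustration (not Snyk's detection logic and not code from the vibe-kanban project), the following Python scanner checks skill instruction text for the two pattern classes the findings above describe: unpinned `npx` executions that resolve code at runtime (W012) and permission-bypass or sandbox-disabling tokens (E006/W013). The rule identifiers, the sample instruction text, the verdict mapping and the placeholder pinned package `some-tool@3.1.4` are constructed for this example.

```python
"""Scan agent-skill instruction text for unpinned runtime package execution
and permission-bypass tokens. Added example; rule ids and samples are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # hypothetical rule id for this example, not a Snyk identifier
    line: int   # 1-based line in the scanned text
    text: str   # the token or package spec that triggered the rule


# `npx [opts] <pkg>[@<version>]`, including scoped packages (@scope/name).
NPX_RE = re.compile(
    r"\bnpx\s+(?:--?[\w-]+\s+)*"
    r"(?P<pkg>(?:@[\w.-]+/)?[\w.-]+)"
    r"(?:@(?P<ver>[\w.^~*-]+))?"
)

# Only an exact semver pins the code that will run; tags (latest, next) and
# ranges (^1.2.3, ~1.2.3, 1.x) let the registry choose at execution time.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[\w.]+)?(?:\+[\w.]+)?$")

# Tokens quoted in the audit that disable permission prompts or sandboxing.
DANGER_RE = re.compile(
    r"--dangerously-skip-permissions|dangerously_skip_permissions"
    r"|--yolo\b|danger-full-access"
)

# Constructed sample, modelled on the phrases the audit quotes; not the skill's real text.
SAMPLE_SKILL_TEXT = """\
Start the board with `npx vibe-kanban`.
For MCP add: `npx vibe-kanban@latest --mcp`
Executors may be started with --dangerously-skip-permissions or --yolo.
Executor config key: dangerously_skip_permissions
Sandbox: danger-full-access
Agents can still perform system-level actions.
Pinned for comparison (constructed placeholder version): `npx some-tool@3.1.4`
"""


def is_pinned(ver):
    """True only for an exact version; None, dist-tags and ranges are floating."""
    return ver is not None and bool(EXACT_SEMVER.match(ver))


def scan(text):
    """Return findings in document order, one per matching token or invocation."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in NPX_RE.finditer(line):
            pkg, ver = m.group("pkg").rstrip("."), m.group("ver")
            if not is_pinned(ver):
                findings.append(Finding("UNPINNED_RUNTIME_EXEC", n, f"{pkg}@{ver or '<none>'}"))
        for m in DANGER_RE.finditer(line):
            findings.append(Finding("PERMISSION_BYPASS", n, m.group(0)))
    return findings


def verdict(findings):
    """Hypothetical gating: any bypass token is CRITICAL, unpinned execution alone is MEDIUM."""
    rules = {f.rule for f in findings}
    if "PERMISSION_BYPASS" in rules:
        return "CRITICAL"
    if "UNPINNED_RUNTIME_EXEC" in rules:
        return "MEDIUM"
    return "PASS"


if __name__ == "__main__":
    results = scan(SAMPLE_SKILL_TEXT)
    for f in results:
        print(f"line {f.line}: {f.rule} {f.text}")
    print("verdict:", verdict(results))
```

The pinned `some-tool@3.1.4` line produces no finding, which is the point of the comparison: pinning to an exact version is what turns a floating runtime fetch into something that can be reviewed ahead of time (an integrity check via a lockfile or a vendored copy goes further, but is outside what this scanner checks).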
Issues (3)
E006
CRITICAL: Malicious code pattern detected in skill scripts.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUM: Attempt to modify system services in skill instructions.