api-mock
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

This code is a legitimate mock-server generator that creates local mock tooling (Prism, MSW, json-server, WireMock), mock data generators, and documentation. I found no direct indicators of malware, credential theft, or backdoors in the provided content. The main security considerations are: (1) supply-chain risk from running npm installs and downloading/executing external artifacts (curl + java -jar), and (2) network exposure because generated start scripts bind services to 0.0.0.0.

Recommended mitigations: review and pin npm dependency versions before installing, run installs in isolated/sandboxed environments or CI with verified package policies, avoid global installs in shared environments, modify start scripts to bind to 127.0.0.1 where appropriate, and require explicit user confirmation before modifying package.json.

LLM verification: This skill appears benign in intent — it legitimately creates local mock servers, handlers, fake data, and documentation. However, it contains supply-chain risk patterns: unpinned npm installs (including global install attempts) and a curl download of a WireMock JAR that is executed with java -jar without integrity checks. These download-and-execute and unpinned-dependency patterns increase the security risk and warrant caution. Recommend: review and pin dependency versions, avoid global install