agentguard
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This SKILL.md defines a plausible and useful security/audit skill. Many declared operations (file scanning, action evaluation, trust management, audit log parsing) are appropriate for such a tool. However, the skill encourages executing local node scripts and running `npm install`, auto-decoding base64 payloads, and auto-registering/trusting skills, actions that materially change the local environment and can surface or forward secrets. Because those script implementations and any network endpoints they contact are not included, this configuration poses a moderate-to-high supply-chain and execution risk.

Recommend manual review and sandboxed execution of the referenced scripts before granting the skill permission to run them or to auto-attest skills. Restrict or require explicit user confirmation for any attest/--force or npm install steps and for automatic auto-registration on session startup.

LLM verification: This SKILL.md describes a legitimate-looking security tool whose stated capabilities largely align with its design, but it contains multiple supply-chain and execution risk patterns. The main concerns are instructing users to run npm install and setup scripts, the presence of destructive shell commands in documentation, and an auto-scan / auto-register feature that requires broad filesystem and execution privileges. There is no direct evidence of malware (no hardcoded keys, obfuscated payloads, or r