cloudflare-manager
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

The skill's stated purpose (Cloudflare DNS and tunnel management) is consistent with the requested binaries and environment variables. The main supply-chain/safety concerns are: the install step runs an opaque bash script (scripts/install.sh) and the runtime actions require sudo to modify /etc and restart services. These are reasonable for the feature set but raise supply-chain and privilege risks that must be audited before use. No explicit malicious indicators are present in the provided fragment (no obfuscation, no third-party proxy domains shown), but the install script and the actual Python implementation were not included and must be inspected. Recommend manual review of scripts/install.sh and scripts/cf_manager.py, restrict sudo to minimal commands, and ensure the API token is scoped to minimal permissions.

LLM verification: Based solely on the provided SKILL.md, there is no direct evidence of malware or credential exfiltration. The functionality described (DNS and tunnel ingress management) matches the required permissions (Cloudflare API token, zone id, and sudo to modify and restart cloudflared). Primary security concerns are: (1) missing implementation artifacts (scripts/install.sh and scripts/cf_manager.py) which must be reviewed for malicious behavior (remote downloads, token exfiltration, execution of arbitra