astrowind

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) All findings: [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] No malicious code or supply-chain attack patterns are present in the provided README/template instructions. The file contains normal clone, install, build, and deploy instructions for a web template. The only notable operational risks are: (1) the optional rm -rf .git command which deletes git history if executed, and (2) the requirement to provide a deployment token (VERCEL_TOKEN) when using vendor CLIs — users should not paste tokens into untrusted terminals or share them. Overall this appears BENIGN but exercise standard caution with destructive shell commands and secrets. LLM verification: The provided documentation is a legitimate setup/deploy guide for a starter template. It contains explicit destructive filesystem commands (rm -rf .git and bulk mv of files including dotfiles) and standard supply-chain vectors (npm install, npm run). There is no direct evidence in this file of obfuscated code, backdoors, credential exfiltration to attacker domains, or embedded malware. Recommended mitigations: do not run destructive commands in non-empty projects, inspect cloned repository conte