pipes-deploy-clickhouse-local
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

Functionally this is a coherent local deployment skill that performs the expected tasks (create a ClickHouse container, create the database, configure .env, run the indexer, validate). It does not contain obvious obfuscated malware or explicit exfiltration code, but it includes supply-chain and credential-handling risks: an unpinned Docker image (latest), a default password fallback that is printed to stdout, execution of arbitrary project code (bun run dev), and forwarding of ClickHouse credentials into an external MCP/connector binary. These behaviors are proportionate for local testing but elevate risk if the skill is used with untrusted indexer code, in shared environments, or when the MCP tool's trustworthiness is unknown. Recommendations: pin images, avoid printing credentials, require explicit user confirmation before running project code and before forwarding credentials to external tools, and validate the MCP binary's origin.

LLM verification: This SKILL.md is a developer-facing deployment playbook for running a Subsquid Pipes indexer against a local ClickHouse in Docker. It is functionally consistent with its stated purpose and does not contain direct malicious code. However, there are supply-chain and credential-handling risks: it pulls an unpinned Docker image (:latest), it extracts and writes container Env passwords into a project .env (persisting plaintext credentials), and it forwards ClickHouse credentials to an MCP CLI which m
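As an added example, not the audited SKILL.md and not Socket's own code, the script below shows what the recommendations above look like in a local bring-up script: it refuses an image reference that is not pinned by tag or digest, generates the ClickHouse password without ever printing it, writes .env owner-only (0600), checks the connector binary against an expected SHA-256 before trusting it, and asks for explicit confirmation before running project code (bun run dev) or handing credentials to an external tool. The CLICKHOUSE_USER/CLICKHOUSE_PASSWORD/CLICKHOUSE_DB variables are the ones the official clickhouse-server image reads at start-up; the container name, ports, .env key names, and the PIPES_DEPLOY=1 gate are assumptions made for this example. The deployment function only runs when that gate is set, so the helper functions can be exercised offline without Docker.

```shell
#!/bin/sh
# Hardened local ClickHouse bring-up (added example, not the audited skill).
# Everything below that names an image, port, or file is an assumption.

# 0 if the image reference is pinned: a sha256 digest, or an explicit tag
# other than "latest". A bare name or ":latest" floats and is rejected.
image_is_pinned() {
    case "$1" in *@sha256:*) return 0 ;; esac
    ref_last=${1##*/}                   # last path component carries the tag,
    case "$ref_last" in                 # so "localhost:5000/img" is not a tag
        *:latest) return 1 ;;
        *:*)      return 0 ;;           # version tag: weaker than a digest, but pinned
        *)        return 1 ;;
    esac
}

# 32 hex chars from the OS CSPRNG; the value is never echoed by this script.
gen_password() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 16
    else
        od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# Write .env with owner-only permissions instead of printing the password.
write_env_file() {
    env_path=$1 ch_host=$2 ch_port=$3 ch_db=$4 ch_user=$5 ch_pass=$6
    rm -f -- "$env_path"                # never write through a pre-planted file/symlink
    old_umask=$(umask)
    umask 077                           # file is created 0600
    printf 'CLICKHOUSE_HOST=%s\nCLICKHOUSE_PORT=%s\nCLICKHOUSE_DB=%s\nCLICKHOUSE_USER=%s\nCLICKHOUSE_PASSWORD=%s\n' \
        "$ch_host" "$ch_port" "$ch_db" "$ch_user" "$ch_pass" > "$env_path"
    umask "$old_umask"
}

file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Validate the origin of an external binary (e.g. the MCP connector) by
# comparing its SHA-256 with a value obtained out of band from its release.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}
binary_matches() { [ "$(sha256_of "$1")" = "$2" ]; }

# Explicit yes/no gate; anything but y/yes is a refusal.
confirm() {
    printf '%s [y/N] ' "$1" >&2
    read -r answer || return 1
    case "$answer" in y|Y|yes|YES) return 0 ;; *) return 1 ;; esac
}

deploy_local() {
    image=${CLICKHOUSE_IMAGE:?set to a pinned ref, e.g. clickhouse/clickhouse-server:<version>@sha256:<digest>}
    image_is_pinned "$image" || { echo "refusing unpinned image: $image" >&2; return 1; }
    db=${CLICKHOUSE_DB:-pipes}; user=${CLICKHOUSE_USER:-default}
    pass=$(gen_password)                # lands only in the container env and .env
    docker run -d --name pipes-clickhouse \
        -p 127.0.0.1:8123:8123 -p 127.0.0.1:9000:9000 \
        -e CLICKHOUSE_USER="$user" -e CLICKHOUSE_PASSWORD="$pass" -e CLICKHOUSE_DB="$db" \
        "$image" >/dev/null
    for _ in 1 2 3 4 5 6 7 8 9 10; do   # wait for the HTTP interface
        curl -fs http://127.0.0.1:8123/ping >/dev/null 2>&1 && break; sleep 2
    done
    write_env_file .env 127.0.0.1 8123 "$db" "$user" "$pass"
    echo "ClickHouse up; credentials written to .env (mode 0600), not printed"
    if confirm "Run the project indexer (bun run dev)? This executes project code"; then
        bun run dev
    fi
    mcp_bin=${MCP_BIN:-./mcp-connector}; mcp_sha=${MCP_BIN_SHA256:-}
    if [ -n "$mcp_sha" ] && binary_matches "$mcp_bin" "$mcp_sha" \
        && confirm "Forward ClickHouse credentials from .env to $mcp_bin?"; then
        : # hand-off point: pass the .env values to the verified connector here
    else
        echo "not forwarding credentials: connector unverified or declined" >&2
    fi
}

if [ "${PIPES_DEPLOY:-0}" = 1 ]; then deploy_local; fi
```

The digest check is the strongest pin: a version tag can be re-pushed, a sha256 digest cannot. The connector hash must come from the tool's release page or signature, not from the same download that delivered the binary.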