syncause-debugger

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains multiple high-risk supply-chain and backdoor patterns: hard-coded GitHub tokens, remote code download-and-execute (curl | bash), build-time bytecode/plugin arguments that open a WebSocket/code-proxy endpoint, and instructions to install a tracer that can capture and transmit runtime secrets—enabling data exfiltration and remote code execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime websocket endpoint wss://api.syn-cause.com/codeproxy/ws (passed into the com.syncause.bytebuddy.plugin.SyncausePlugin and referenced by the SDK/probe), which is used at runtime to connect to a remote "codeproxy" that can push/execute instructions—indicating a remote code/control dependency.