claude-code-web-docker
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (HIGH): The skill makes extensive use of 'sudo' to perform administrative tasks, including updating system repositories, installing software, and starting the Docker daemon in the background. Evidence: 'sudo apt-get install -y docker.io' and 'sudo dockerd --iptables=false --bridge=none &'.
- [Command Execution] (HIGH): The instructions explicitly guide the user to disable SSL/TLS certificate validation across several platforms. This allows for the execution of insecure network operations that are susceptible to interception and modification. Evidence: 'npm config set strict-ssl false', 'curl -k', and 'csb build --insecure'.
- [External Downloads] (LOW): The skill automates the download and installation of the 'docker.io' package using the system package manager. Although it uses standard repositories, this involves downloading executable code at runtime.
Recommendations
- AI detected serious security threats