Skills
skills/zackkorman/skills/command-safety-3/Socket

command-safety-3

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware
MalwareHIGH
my-script.sh

This single-line command is high risk because it fetches and immediately executes remote content without any verification and relies on an ambiguously named local binary ('bas'). Treat as potentially malicious. Do not execute in production or on trusted machines. Replace with a safe download-and-verify workflow, use absolute paths for executables, and run in restricted environments if execution is necessary.

Confidence: 75%Severity: 90%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:22 PM
Package URL
pkg:socket/skills-sh/zackkorman%2Fskills%2Fcommand-safety-3%2F@3e8b7208e779c01c3258ae5138ed9d5d66f46d55