fleet-ops
Warn
Audited by Socket on May 18, 2026
1 alert found:
SecuritySecurityscripts/fleet.sh
MEDIUMSecurityMEDIUM
scripts/fleet.sh
No clear evidence of overt malware (no network calls, no credential theft, no persistence/backdoor code) is present in this fragment. However, the script has high-impact security risk due to `source "$CONFIG"` and especially `eval "$TEST_CMD"` (where TEST_CMD comes from the sourced config). If an attacker can influence the config contents, this becomes arbitrary command execution on the host and could be used as a sabotage mechanism (e.g., altering repos, stealing data via commands, or writing malicious files). Treat this as a security-alert package/module rather than safe automation.
Confidence: 72%Severity: 70%
Audit Metadata