fleet-ops

Warn

Audited by Socket on May 18, 2026

1 alert found:

Security
SecurityMEDIUM
scripts/fleet.sh

No clear evidence of overt malware (no network calls, no credential theft, no persistence/backdoor code) is present in this fragment. However, the script has high-impact security risk due to `source "$CONFIG"` and especially `eval "$TEST_CMD"` (where TEST_CMD comes from the sourced config). If an attacker can influence the config contents, this becomes arbitrary command execution on the host and could be used as a sabotage mechanism (e.g., altering repos, stealing data via commands, or writing malicious files). Treat this as a security-alert package/module rather than safe automation.

Confidence: 72%Severity: 70%
Audit Metadata
Analyzed At
May 18, 2026, 04:54 PM
Package URL
pkg:socket/skills-sh/0xdarkmatter%2Fclaude-mods%2Ffleet-ops%2F@603b9c6db093273afc3a3a8cac66afcb785db687
Security Audit — socket — fleet-ops