summon
Warn
Audited by Socket on Jul 4, 2026
1 alert found:
AnomalyAnomalybin/summon.cmd
LOWAnomalyLOW
bin/summon.cmd
This batch file is a thin launcher that executes a local Python script from a user-specific Claude “skills/summon” directory and forwards all caller-provided arguments. While it does not itself show exfiltration or credential theft, the comment’s claim about cross-account Code-tab session pulling is a strong privacy-invasive indicator, and the wrapper provides no integrity checks before executing local, potentially modifiable code. Risk hinges on the unseen summon.py behavior (especially any local session reading and any network transmission).
Confidence: 52%Severity: 65%
Audit Metadata