xiaolvs-pipeline
Warn
Audited by Socket on Jun 29, 2026
2 alerts found:
SecurityAnomalySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
Anomalyscripts/start_tunnel.sh
LOWAnomalyLOW
scripts/start_tunnel.sh
This Bash script is an SSH reverse-tunneling helper that exposes a chosen local port (default 5001) to the public internet through localhost.run for webhook/callback use. It does not directly exhibit classic malware behaviors (no exfiltration routines, persistence, or obfuscated execution), but it materially increases security risk by (1) disabling SSH host key verification and (2) making the forwarded local service externally reachable via a third-party tunnel provider. Treat as security-sensitive operational networking code; verify the forwarded service is intended and hardened, and avoid StrictHostKeyChecking=no in threat-sensitive environments.
Confidence: 68%Severity: 60%
Audit Metadata