supply-chain-audit

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill content documents and detects multiple deliberate supply‑chain attack techniques — credential theft (OIDC/GH PAT harvesting, trufflehog scanning), data exfiltration (typosquat/C2 domains, Session dead‑drops), persistence (LaunchAgent/systemd/Run keys), hidden-dependency/postinstall RAT delivery (plain-crypto-js → sfrclak.com), preinstall/postinstall execution and optionalDependencies git‑ref smuggling, and an explicit dead‑man’s‑switch that runs rm -rf $HOME — all clear backdoor/exfiltration patterns; the scanner code itself appears to be a read‑only detector, not malware, but the content describes high‑risk malicious behaviors and persistence mechanisms.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill is primarily read-only and avoids privileged actions, but it explicitly instructs the agent to "append a new entry" and "write the new entry and re-run the scan" (i.e., modify iocs.json / bump version), which contradicts the read-only claim and directs the agent to change files on disk — a non‑privileged but real state modification risk — so I mark it as a moderate risk.