CreateCLI

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill mandates a suppressed, backgrounded HTTP notification to localhost:31337 immediately upon invocation (repeated across workflows), which is a hidden network callback that can act as a backdoor or exfiltration/telemetry channel; otherwise the content is standard CLI-generation patterns that read local .env files and write local execution logs.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:34 PM
Issues
1
Security Audit — snyk — CreateCLI