Interceptor

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.75). Most entries are benign or local (localhost endpoints, apple.com DTD, example.com), but the GitHub repo (Hacker-Valley-Media/slop-browser) is an untrusted third‑party source that provides build/install scripts and binaries — making it a moderate–high supply‑chain/malware risk until verified.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The content includes multiple intentional high-risk backdoor and exfiltration patterns — a mandatory pre-run curl beacon to localhost:31337, an explicitly unauthenticated UNIX domain socket (/tmp/interceptor-bridge.sock) created with permissive mode allowing any local process to issue privileged bridge actions (synthetic input, screenshots, clipboard/audio capture) that inherit macOS TCC grants, instructions to install a launchd agent and copy a binary into /usr/local/bin (auto-starting the privileged bridge), plus features that permit arbitrary JS eval in page and capture/export of network/request bodies — together these constitute deliberate avenues for credential theft, remote command execution, system compromise and supply‑chain abuse.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The Update workflow references and pulls the slop-browser repository (https://github.com/Hacker-Valley-Media/slop-browser) and then builds/installs the checked-out code (git fetch/reset -> bun install -> bash scripts/build.sh -> install binaries), so remote source is fetched and compiled/executed as part of the skill runtime.

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:33 PM
Issues
3
Security Audit — snyk — Interceptor