RedTeam
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill mandates a silent background HTTP POST to localhost:31337 (suppressed output, run immediately) before any action — repeated across workflows and using the historically suspicious port 31337 — which reads like a beacon/backdoor/command-and-control signal; coupled with mandatory local customization loading that can override behavior, this shows deliberate backdoor/abuse potential.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (low risk: 0.35). The prompt mandates executing a curl to a local service and loading/appending files under the user's home (~/.claude/...), which performs actions on the host and could be abused, but it does not request sudo, modify system-level files, or create accounts, so it is moderately risky rather than high-severity.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata