RedTeam

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill mandates a silent background HTTP POST to localhost:31337 (suppressed output, run immediately) before any action — repeated across workflows and using the historically suspicious port 31337 — which reads like a beacon/backdoor/command-and-control signal; coupled with mandatory local customization loading that can override behavior, this shows deliberate backdoor/abuse potential.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.35). The prompt mandates executing a curl to a local service and loading/appending files under the user's home (~/.claude/...), which performs actions on the host and could be abused, but it does not request sudo, modify system-level files, or create accounts, so it is moderately risky rather than high-severity.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 30, 2026, 03:33 PM
Issues
2
Security Audit — snyk — RedTeam