when-bridging-web-cli-use-web-cli-teleport
Fail
Audited by Snyk on Jun 26, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The project intentionally exposes an unauthenticated HTTP/WebSocket bridge that constructs and execs arbitrary shell commands from client-provided input and broadcasts command output to connected clients (CORS/origin '*' and public Docker exposure), which amounts to remote code execution, a backdoor-like control channel, and enables easy data exfiltration and credential theft.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs the external npm tool "npx claude-flow@alpha" (which will fetch and execute code from the npm registry, e.g. the package at registry.npmjs.org/claude-flow) during runtime, so this is a required external dependency that executes remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The bridge exposes an /api/cli/execute endpoint that concatenates and runs arbitrary command strings from web input via child_process.exec with no enforced whitelist, sandboxing, or required authentication in the provided prompt, effectively enabling remote arbitrary command execution that can modify system state (create users, change services, edit files, install packages, etc.).
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata