send-file
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalyscripts/send-file.ts
LOWAnomalyLOW
scripts/send-file.ts
This module itself contains no obvious obfuscation or explicit malicious logic, but it is a permissioned CLI wrapper that delegates to `callSkillApi` to perform a 'send-file' operation using a user-supplied local file path and a user-supplied remote API URL. The code lacks validation/allowlisting for both the destination and the file path, so the security posture depends heavily on the (missing) `../../lib/client.ts` implementation. Overall, it has a medium security risk primarily due to exfiltration-enabling data-flow shape and broad runtime permissions, not confirmed malware.
Confidence: 56%Severity: 62%
Audit Metadata