Skills
skills/l3digital-net/claude-code-plugins/zwave-js/Snyk

zwave-js

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit privileged operations (e.g., "sudo systemctl restart zwavejs2mqtt" and "sudo usermod -aG dialout $USER") that modify system state and user/group membership, so it could cause the agent to change the machine's security-sensitive configuration.

Issues (1)

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 18, 2026, 01:39 PM
Issues
1
Security Audit — snyk — zwave-js