ln-030-vps-bootstrap
Warn
Audited by Socket on May 5, 2026
1 alert found:
AnomalyAnomalyreferences/god-session.sh
LOWAnomalyLOW
references/god-session.sh
No explicit indicators of classic malware behavior are present in this fragment (no reverse shells, no direct network calls, no obvious credential theft code, no persistence/backdoor logic beyond standard systemd/tmux lifecycle). The main supply-chain security concerns are configuration-driven and impact-amplifying: the script runs Claude with --dangerously-skip-permissions and executes a shell command via tmux that interpolates an unquoted ${PROJECT_DIR} (a command-injection risk only if that value can be influenced). Overall, malicious probability is low, but the security risk is moderate due to permission weakening and the sensitivity of local command/secret inputs.
Confidence: 66%Severity: 56%
Audit Metadata