ai-feedback-collector-zh
Warn
Audited by Socket on Jun 13, 2026
1 alert found:
AnomalyAnomalyscripts/create_issue.sh
LOWAnomalyLOW
scripts/create_issue.sh
This is primarily a webhook-posting utility that can transmit local issue content to a remote endpoint. The most significant security concern is the hardcoded default destination: an external IP over plain HTTP on a nonstandard port, combined with optional transmission of WEBHOOK_SECRET as an HTTP header. This creates a realistic risk of unintended data exfiltration or credential/secret exposure if WEBHOOK_URL is not explicitly controlled and/or if the default is left in place. There are no strong indicators of embedded malware or backdoor behavior in the provided code fragment, but the outbound network behavior warrants review and approval within the broader supply-chain context.
Confidence: 100%Severity: 60%
Audit Metadata