hsb-setup
Audited by Socket on Jun 18, 2026
3 alerts found:
Anomalyx3This code fragment is primarily an interactive local configuration loader. It does not show direct malware behaviors like exfiltration or reverse shells, but it performs security-sensitive actions: it bypasses execution policy and dot-sources a local setup script, then launches a CLI based on environment variables set by that script. If an attacker can tamper with set-hsb-env.ps1 or the local profiles directory/files, this becomes a practical arbitrary code execution vector under the user’s privileges. Security risk is moderate due to the elevated execution mechanism and dependency on local file integrity, while explicit malicious intent is not evidenced here.
This is a local environment-profile loader. The dominant risk is that it dot-sources a filesystem script derived from a user-controlled parameter, which can become arbitrary code execution if profile files are tampered with or selection is manipulated. The snippet itself does not show network exfiltration or credential theft, but it does print environment/SSH-related configuration values that may be sensitive depending on how logs/console output are handled.
The provided fragment is a launcher that enables high-impact PowerShell execution (dot-sourcing a companion script) with -ExecutionPolicy Bypass and forwards an unvalidated profile argument into that execution context, then runs a command named "claude" whose resolution is environment-dependent. No direct malicious activity is visible in this snippet alone, but the security posture is moderately risky and warrants inspection of set-hsb-env.ps1 (especially how it uses -Profile and whether it performs network/file/process actions) and verification of what "claude" resolves to.