hsb-setup

Warn

Audited by Socket on Jun 18, 2026

3 alerts found:

Anomalyx3
AnomalyLOW
windows/Microsoft.PowerShell_profile.ps1

This code fragment is primarily an interactive local configuration loader. It does not show direct malware behaviors like exfiltration or reverse shells, but it performs security-sensitive actions: it bypasses execution policy and dot-sources a local setup script, then launches a CLI based on environment variables set by that script. If an attacker can tamper with set-hsb-env.ps1 or the local profiles directory/files, this becomes a practical arbitrary code execution vector under the user’s privileges. Security risk is moderate due to the elevated execution mechanism and dependency on local file integrity, while explicit malicious intent is not evidenced here.

Confidence: 62%Severity: 58%
AnomalyLOW
windows/set-hsb-env.ps1

This is a local environment-profile loader. The dominant risk is that it dot-sources a filesystem script derived from a user-controlled parameter, which can become arbitrary code execution if profile files are tampered with or selection is manipulated. The snippet itself does not show network exfiltration or credential theft, but it does print environment/SSH-related configuration values that may be sensitive depending on how logs/console output are handled.

Confidence: 70%Severity: 60%
AnomalyLOW
windows/run-hsb.cmd

The provided fragment is a launcher that enables high-impact PowerShell execution (dot-sourcing a companion script) with -ExecutionPolicy Bypass and forwards an unvalidated profile argument into that execution context, then runs a command named "claude" whose resolution is environment-dependent. No direct malicious activity is visible in this snippet alone, but the security posture is moderately risky and warrants inspection of set-hsb-env.ps1 (especially how it uses -Profile and whether it performs network/file/process actions) and verification of what "claude" resolves to.

Confidence: 55%Severity: 60%
Audit Metadata
Analyzed At
Jun 18, 2026, 04:35 PM
Package URL
pkg:socket/skills-sh/promptingcompany%2Fnv-skills%2Fhsb-setup%2F@0f478d97814b1830e62f4cfee55d22385678a51c87edc2fc2326c12372b71f7e
Security Audit — socket — hsb-setup