nv-segment-ctmr
Warn
Audited by Socket on Jun 18, 2026
1 alert found:
AnomalyAnomalyBENCHMARK.md
LOWAnomalyLOW
BENCHMARK.md
This fragment provides no direct skill source code, but it reports a meaningful static finding around process execution (`subprocess.run` with `cmd` and a custom environment) and broader Bash/least-privilege concerns (environment manipulation and file I/O). The fragment contains no explicit evidence of malware behaviors like data exfiltration or persistence; however, subprocess/shell execution creates a security-relevant risk surface that should be manually reviewed—specifically whether `cmd` is fixed/allowlisted, whether untrusted inputs can influence command arguments, what `run_env` contains, and where captured outputs are handled.
Confidence: 52%Severity: 62%
Audit Metadata