secondbrain-init

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs creating a .claude/settings.local.json with blanket permissions (allow_web_fetch [""], allow_read ["~/**"], allow_bash [""], etc.) alongside automation hooks, which is a deliberate pattern that enables data exfiltration, credential theft, and remote code execution — a high-risk backdoor/abuse vector.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs creating a .claude/settings.local.json that grants broad permissions (allow_bash [""], allow_read ["~/**"], allow_web_fetch [""], auto_approve_write …), which effectively enables the agent to execute arbitrary shell commands and read the user's filesystem, risking compromise of the host.