ClawAudit verdict
xhs-catch
zion-xhs-catch-skill
The setup instructions explicitly direct users to run 'curl -fsSL https://cdn.kimi.com/webbridge/install.sh | bash' and 'irm https://cdn.kimi.com/webbridge/install.ps1 | iex', which are classic remote-code-execution patterns that execute untrusted remote scripts directly in the shell.
β Flagged for review β coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.
Automated static analysis β not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
Permission integrity
package_install
Findings (6)
Possible hardcoded credential
SKILL.md Β· code Β· token="δ½ ηεζ₯Token
Pipe-to-shell pattern (curl | sh) β supply chain attack vector
SKILL.md Β· prose Β· downgraded Β· curl -fsSL https://cdn.kimi.com/webbridge/install.sh | bash
Pipe to bash β executes piped content as shell commands
SKILL.md Β· prose Β· downgraded Β· | bash
<script> tag in markdown β potential code injection
scripts/generate-report.ts Β· prose Β· downgraded Β· <script>
References child_process β can spawn system processes
scripts/webbridge-crawl.ts Β· prose Β· downgraded Β· child_process
HTTP request to bare IP address β common in malicious payloads
scripts/webbridge-crawl.ts Β· prose Β· downgraded Β· http://127.0.0.1
Why the tier is capped
Execution sink present in raw bytes (Hard Floor: class A/B/D/E). Final tier capped at Caution β cannot be lifted by any downgrade, example-payload opt-in, or allowlist.
Permissions & capabilities
No declared permissions β minimal attack surface.
package_install Is this flag fair?
Thanks β recorded.