bun-shell

Enables powerful shell scripting with Bun, allowing for command execution, subprocess management, and environment variable handling.

Security score: 0/100

The bun-shell skill was audited on May 12, 2026 and we found 21 security issues across 2 threat categories, including 13 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 139

Direct command execution function call

Source: SKILL.md
139: const proc = Bun.spawn(["echo", "Hello World"]);
high line 147

Direct command execution function call

Source: SKILL.md
147: const proc = Bun.spawn(["node", "script.js"], {
high line 174

Direct command execution function call

Source: SKILL.md
174: Bun.spawn(["ls"], { stdio: ["inherit", "inherit", "inherit"] });
high line 177

Direct command execution function call

Source: SKILL.md
177: Bun.spawn(["ls"], { stdin: "pipe", stdout: "pipe", stderr: "pipe" });
high line 180

Direct command execution function call

Source: SKILL.md
180: Bun.spawn(["ls"], { stdout: null, stderr: null });
high line 183

Direct command execution function call

Source: SKILL.md
183: Bun.spawn(["ls"], {
high line 192

Direct command execution function call

Source: SKILL.md
192: const proc = Bun.spawn(["tail", "-f", "log.txt"], {
high line 208

Direct command execution function call

Source: SKILL.md
208: const result = Bun.spawnSync(["ls", "-la"]);
high line 288

Direct command execution function call

Source: SKILL.md
288: Bun.spawn(["npm", "run", "lint"]),
high line 289

Direct command execution function call

Source: SKILL.md
289: Bun.spawn(["npm", "run", "typecheck"]),
high line 290

Direct command execution function call

Source: SKILL.md
290: Bun.spawn(["npm", "run", "test"]),
high line 302

Direct command execution function call

Source: SKILL.md
302: const proc = Bun.spawn(["node"], {
high line 314

Direct command execution function call

Source: SKILL.md
314: const proc = Bun.spawn(["long-running-process"]);
medium line 39

Template literal with variable interpolation in command context

Source: SKILL.md
39: await $`echo "Hello ${name}"`;
medium line 40

Template literal with variable interpolation in command context

Source: SKILL.md
40: await $`ls ${dir}`;
medium line 44

Template literal with variable interpolation in command context

Source: SKILL.md
44: await $`touch ${files}`;
medium line 226

Template literal with variable interpolation in command context

Source: SKILL.md
226: console.log(`Current branch: ${branch.trim()}`);
low line 111

Access to .env file

Source: SKILL.md
111: await $`echo $MY_VAR`.env({ MY_VAR: "value" });
low line 114

Access to .env file

Source: SKILL.md
114: $.env.MY_VAR = "value";
low line 118

Access to .env file

Source: SKILL.md
118: await $`env`.env({});
low line 151

Access to .env file

Source: SKILL.md
151: ...process.env,
Scanned on May 12, 2026