
89 points a10r | 1 comments
alganet ◴[] No.44408524[source]
What if someone peppers their malicious script with `# shellcheck disable=` pragmas?
replies(1): >>44412665 #
1. a10r ◴[] No.44412665[source]
Great point.

A malicious actor could definitely do that. That’s why vet’s model doesn’t rely solely on ShellCheck—it’s just one layer. The key layer here is the diff. Even if the linter is silenced, the diff reveals any new suspicious `# shellcheck disable=` lines added to trusted scripts. That change alone is a red flag.
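The diff check described in the reply above, sketched as an added example that is not part of the thread and is not vet's own code: it compares a previously trusted copy of a script with a newly fetched one and reports every ShellCheck `disable=` directive that appears only in the new version. The function name `added_suppressions` and both sample scripts are constructed for illustration.

```python
import difflib
import re

# A comment line carrying a ShellCheck directive that disables checks.
DIRECTIVE = re.compile(r"^\s*#\s*shellcheck\b.*?\bdisable=(\S+)")

def added_suppressions(trusted: str, candidate: str):
    """Return (line number in candidate, disabled codes, line text) for each
    directive line that the diff shows as inserted or changed."""
    old, new = trusted.splitlines(), candidate.splitlines()
    findings = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag not in ("insert", "replace"):
            continue  # unchanged or deleted lines cannot add a suppression
        for idx in range(j1, j2):
            m = DIRECTIVE.match(new[idx])
            if m:
                findings.append((idx + 1, m.group(1).split(","), new[idx].strip()))
    return findings

# Constructed sample: the copy that was reviewed and approved earlier.
TRUSTED = """#!/bin/sh
set -eu
# shellcheck disable=SC1091
. ./lib.sh
install_dir="$1"
cp -r build "$install_dir"
"""

# Constructed sample: the copy fetched now, with a new suppression and the
# quoting it hides removed on the following line.
CANDIDATE = """#!/bin/sh
set -eu
# shellcheck disable=SC1091
. ./lib.sh
install_dir="$1"
# shellcheck disable=SC2086,SC2046
cp -r build $install_dir
"""

if __name__ == "__main__":
    for lineno, codes, text in added_suppressions(TRUSTED, CANDIDATE):
        print(f"line {lineno}: new suppression of {', '.join(codes)}: {text}")
```

The directive that was already in the trusted copy (SC1091) is not reported; only the change is, which is what makes a silenced linter visible in review.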