{
  "rule_ids": [
    "pipe_to_interpreter"
  ],
  "severity": "HIGH",
  "command_redacted": "tailscale status --json 2>&1 | python3 -c \"\nimport sys, json\nd = json.load(sys.s...",
  "findings": [
    {
      "rule_id": "pipe_to_interpreter",
      "severity": "HIGH",
      "title": "Pipe to interpreter: tailscale | python3",
      "description": "Command pipes output from 'tailscale' directly to interpreter 'python3'. Downloaded content will be executed without inspection.",
      "evidence": [
        {
          "type": "command_pattern",
          "pattern": "pipe to interpreter",
          "matched": "tailscale status --json 2>&1 | python3 -c \"\nimport sys, json\nd = json.load(sys.stdin)\nself = d.get('Self', {})\n# 打印所有信息看看有没有邮箱\nfor k, v in sorted(self.items()):\n    print(f'{k}: {v}')\n\" 2>&1"
        }
      ],
      "mitre_id": "T1059.004"
    }
  ],
  "timestamp": "2026-06-17T22:28:11.371808202+00:00"
}