Skills
skills/andreadellacorte/groove/groove-admin-claude-statusline/Gen Agent Trust Hub

groove-admin-claude-statusline

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The statusline.sh script retrieves the Claude Code OAuth access token by querying the macOS Keychain (security find-generic-password) or reading ~/.claude/.credentials.json. This access is necessary for the usage tracking feature but involves handling authentication secrets.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to transmit the OAuth token to https://api.anthropic.com/api/oauth/usage. Although the destination is the official API of the tool, the transmission of authentication tokens is a sensitive operation.
  • [COMMAND_EXECUTION]: The installation process performs automated tasks including making scripts executable via chmod +x and using jq and python3 for processing JSON data and cron schedules.
  • [PROMPT_INJECTION]: The skill modifies ~/.claude/settings.json to install persistent hooks and a status line that displays content derived from tool inputs (e.g., cron job prompts). This creates a surface for indirect prompt injection if malicious data is processed by the hooks.
  • Ingestion points: scripts/cron-state.sh reads tool inputs from the agent session.
  • Boundary markers: Absent in the rendered status line.
  • Capability inventory: The skill possesses file write and shell execution capabilities.
  • Sanitization: Content is truncated to 25 characters, but no escaping of instructions or control characters is applied.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 08:20 PM