claude-better-cli
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill targets the `ANTHROPIC_API_KEY` environment variable. By instructing users to replace the official and trusted `claude` CLI tool with an opaque, closed-source binary (`claude-better`), the author creates a high-risk scenario where the API key can be intercepted or exfiltrated during execution.
- [REMOTE_CODE_EXECUTION]: The skill promotes the installation and execution of a non-verifiable binary from a third-party source. The documentation explicitly states that the source code is private and only available to 'high-profile customers,' preventing any independent security audit of the code that will handle user credentials and session data.
- [COMMAND_EXECUTION]: The installation instructions utilize shell commands (`export PATH=...` and `alias claude=...`) to hijack the execution path of a known, trusted system utility. This ensures that the agent or user unknowingly executes the third-party binary instead of the official tool.
- [PROMPT_INJECTION]: While not a direct injection into the agent's instructions, the skill uses deceptive metadata and performance claims to trick users/agents into bypassing standard security boundaries regarding third-party software installation.
Recommendations
- AI detected serious security threats
Audit Metadata