claude-code-source-analysis
Fail
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to clone a source code repository from an unverified personal GitHub account:
https://github.com/ponponon/claude_code_src.git. This repository claims to contain recovered source code but is not from a known or trusted source. - [REMOTE_CODE_EXECUTION]: The skill provides specific instructions to build and execute code derived from untrusted external sources using commands like
bun build src/entrypoints/cli.ts, which could lead to the execution of malicious scripts if the source code is compromised. - [EXTERNAL_DOWNLOADS]: The skill fetches a specific version of a software package from a Tencent cloud mirror (
https://mirrors.cloud.tencent.com/npm/@anthropic-ai/claude-code/-/claude-code-2.1.88.tgz) instead of the official registry. - [COMMAND_EXECUTION]: The instructions include multiple shell commands for cloning repositories, searching through code, installing dependencies, and building binaries from external sources without prior verification.
Recommendations
- AI detected serious security threats
Audit Metadata