deepclaude-proxy

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH [EXTERNAL_DOWNLOADS] [REMOTE_CODE_EXECUTION] [COMMAND_EXECUTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Instructions to clone a third-party repository from GitHub (https://github.com/aattaran/deepclaude.git) that is not associated with a recognized trusted organization.
  • [REMOTE_CODE_EXECUTION]: Instructions to grant execution permissions (chmod +x) and run the downloaded script (deepclaude.sh), enabling the execution of code from an external source.
  • [COMMAND_EXECUTION]: Requests the use of sudo to create a symbolic link in /usr/local/bin, which installs a third-party script with elevated system privileges.
  • [COMMAND_EXECUTION]: Modifies the user's shell configuration profile (~/.bashrc) to append environment variables and store API keys, using a sensitive configuration file as a persistence mechanism.
  • [EXTERNAL_DOWNLOADS]: Fetches the official @anthropic-ai/claude-code package from the public registry.
  • [PROMPT_INJECTION]: The skill implements custom slash commands in ~/.claude/commands/ that create an attack surface for indirect instructions.
      • Ingestion points: Configuration files stored in ~/.claude/commands/ and read by the agent.
      • Boundary markers: Absent; no delimiters or safety warnings are included for the shell command interpolation.
      • Capability inventory: Execution of curl commands to interact with a local proxy, file writes via echo and sudo, and system modifications via chmod.
      • Sanitization: Absent; raw shell commands are interpolated directly from processed markdown files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 4, 2026, 06:07 AM