free-code-claude-cli
Fail
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions recommend piping a shell script from an unverified GitHub repository (
paoloanzn/free-code) directly to bash (curl -fsSL ... | bash). This practice allows the remote script to execute arbitrary commands on the host system without prior review. - [PROMPT_INJECTION]: The skill is explicitly advertised as a tool to 'strip Anthropic's injected system-prompt guardrails' and 'bypass content guidelines', which are direct attempts to override agent safety constraints.
- [COMMAND_EXECUTION]: The resulting CLI tool is a terminal-native agent that possesses a registry of tools for executing bash commands, reading/editing files, and managing system processes.
- [EXTERNAL_DOWNLOADS]: The skill downloads the Bun runtime from its official source (
bun.sh) and clones project source code from an unverified third-party GitHub repository. - [CREDENTIALS_UNSAFE]: The skill provides instructions for configuring and using highly sensitive credentials via environment variables, including
ANTHROPIC_API_KEY,AWS_BEARER_TOKEN_BEDROCK, andANTHROPIC_FOUNDRY_API_KEY.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install, https://raw.githubusercontent.com/paoloanzn/free-code/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata