PAI

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scanners confirmed a piped remote execution pattern: curl -fsSL https://claude.ai/install.sh | bash. This method allows for arbitrary code execution from a remote source, bypassing manual verification of the script content.
  • [COMMAND_EXECUTION] (HIGH): Multiple utility tools use unsafe shell execution via child_process.exec and execSync with string interpolation. Specifically:
      • Tools/AddBg.ts: Interpolates inputPath and outputPath directly into a shell string for ImageMagick. While wrapped in quotes, these are not escaped, allowing subshell execution (e.g., using $(command) in a filename).
      • Tools/GetTranscript.ts: Uses execSync with a template literal for the fabric command without sanitizing the url parameter.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill dynamically downloads and executes content from several sources:
      • Tools/GenerateSkillIndex.ts and Tools/SkillSearch.ts manage a dynamic index of skills.
      • Tools/extract-transcript.py and Tools/ExtractTranscript.ts download AI models and interface with remote APIs (OpenAI Whisper).
      • Tools/RemoveBg.ts downloads processed images from the remove.bg API.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to handle sensitive user data (Financials, Contacts, SSH keys) and includes tools that send local data to external endpoints:
      • Audio/Video files are sent to OpenAI for transcription.
      • Image files are sent to api.remove.bg for background removal.
      • While these are intended features, they establish a pipeline for sensitive local data to leave the system.
  • [CREDENTIALS_UNSAFE] (MEDIUM): Several tools (RemoveBg.ts, YouTubeApi.ts, ExtractTranscript.ts) depend on API keys stored in a local .env file (~/.claude/.env). While the skill includes a SecretScan.ts tool, the overall architecture encourages the storage of long-lived secrets in plaintext on the filesystem.
Recommendations
  • HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:25 PM