claude-api

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified within the skill files. The skill functions as a professional developer resource.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to download and install official libraries from trusted organizations, such as the anthropic package from PyPI and the @anthropic-ai/sdk package from NPM. It also references well-known, reputable tools like Playwright for browser automation.
  • [COMMAND_EXECUTION]: Documentation includes examples of using the Agent SDK to perform shell commands and interact with MCP servers (e.g., PostgreSQL, Playwright) for legitimate development tasks. These are documented within the context of the SDK's intended functionality.
  • [CREDENTIALS_SAFE]: The skill correctly uses placeholders like "your-api-key" in examples and explicitly advises against hardcoding credentials, recommending environment variables as a secure alternative.
  • [DATA_EXFILTRATION]: Tools for web fetching and file reading are documented as part of the Agent SDK's capability set for research and coding assistants. No suspicious or unauthorized data transmission patterns to unknown third-party domains were found.
  • [PROMPT_INJECTION]: The documentation for the Agent SDK acknowledges the attack surface created by processing untrusted data and highlights the built-in permission systems and guardrails provided by the SDK as mitigations.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 12:20 PM