permission-hook

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This skill is not overt malware but exhibits multiple backdoor-enabling and supply-chain patterns — broad auto-approval of powerful operations (git push, run scripts, package installs, Docker), automatic reuse of the user's Claude OAuth session, read/write/edit access to the .claude directory (likely containing tokens), and an overwrite/update mechanism that propagates a hook across repositories — any of which can be easily abused to execute remote code, exfiltrate credentials/data, persist malicious changes, or replace the hook with a hostile payload.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 01:56 PM