Skills
skills/dev-goraebap/sveltekit-custom-skills/vscode-claude-notify/Gen Agent Trust Hub

vscode-claude-notify

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill configures hooks in the .claude/settings.json file to trigger local notification scripts when specific events like Stop or PostToolUseFailure occur.
  • [COMMAND_EXECUTION]: On Windows, the skill utilizes powershell.exe with the -ExecutionPolicy Bypass flag to execute a bundled PowerShell script for displaying BalloonTip notifications.
  • [COMMAND_EXECUTION]: The notification scripts (notify-mac.sh, notify-wsl.sh, and notify-windows.ps1) ingest event data such as titles and messages via command-line arguments. These inputs are interpolated into shell commands for osascript or powershell.exe. While no explicit sanitization is present, the functionality is restricted to the OS-native notification subsystems and serves the skill's primary purpose.
  • [COMMAND_EXECUTION]: The installation process involves setting execution permissions (chmod +x) on the bundled shell scripts to allow them to be invoked by the agent hooks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:20 AM