book-installer
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The "Skill Tracker" feature (found in references/skill-tracker.md) installs persistent global hooks in the agent's configuration directory (~/.claude/hooks/) and modifies the core settings.json file. These hooks are designed to monitor and log all future user interactions and tool executions across all project environments.
- [COMMAND_EXECUTION]: The "Cover Image Generator" component (references/cover-image-generator.md) instructs users to grant "Accessibility" permissions to the terminal application on macOS. This high-privilege permission enables UI automation and operating system control, posing a significant security risk if misused.
- [COMMAND_EXECUTION]: Bootstrapping the project involves the execution of multiple shell commands and scripts, including environment creation via Conda, package installation via pip, and the execution of the generate-cover.sh script.
- [DATA_EXFILTRATION]: The "Simple Feedback" (references/assets/js/feedback.js) and "Skill Tracker" features collect and potentially transmit user activity data. Specifically, the feedback component can transmit page URLs and browser user-agent strings to configurable external endpoints or third-party analytics services.
- [EXTERNAL_DOWNLOADS]: The skill templates configure textbook projects to fetch and execute third-party JavaScript and CSS from public CDNs such as unpkg.com and jsdelivr.net (e.g., KaTeX, MathJax, and vis-network).
Audit Metadata