claude-code-skill

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The core functionality of the skill involves spawning subprocesses via the Model Context Protocol. In src/mcp/client.ts, the createClient function uses StdioClientTransport to execute commands and arguments defined in mcp_config.json. An attacker who can modify this configuration file can achieve arbitrary command execution on the host system.
  • CREDENTIALS_UNSAFE (HIGH): The skill manages a configuration file (mcp_config.json) that, according to mcp_config.example.json, is intended to store sensitive credentials such as GITHUB_TOKEN and SLACK_BOT_TOKEN in plain text. The code in src/mcp/actions.ts reads and writes this file without any encryption or secure storage mechanisms.
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation and examples (e.g., examples/basic-mcp.ts) suggest using npx -y to download and run MCP servers directly from the npm registry. This pattern executes unverified remote code at runtime.
  • PROMPT_INJECTION (LOW): The README describes a bypassPermissions mode which disables user prompts for dangerous operations like file edits. If an agent is tricked via prompt injection while this mode is active, it could perform destructive actions on the local filesystem or environment without oversight.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 04:27 PM