Claude SDK Expert

Fail

Audited by Socket on Mar 1, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This skill document is a plausible, coherent guide for building Claude Agent SDK-based autonomous agents and aligns capabilities with stated purpose. However, it advocates runtime download-and-execute patterns (npx, docker) without pinning or integrity verification and shows examples that forward environment credentials into spawned third-party processes. Combined with recommended broad computer-use permissions (Bash, filesystem write/edit, all_tools) and examples that let agents execute plans directly, these patterns create a meaningful supply-chain and credential-forwarding risk. The file itself is not demonstrably malicious, but using the described architecture without stricter controls (version pinning, signature verification, least-privilege tooling, stronger command sanitization, explicit approval gates) would leave deployments vulnerable to credential theft, arbitrary code execution, and data exfiltration.

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Mar 1, 2026, 02:39 AM
Package URL: pkg:socket/skills-sh/frankxai%2Ffrankx.ai-vercel-website%2Fclaude-sdk-expert%2F@2f784c7395fa6b7838de6073bc294be4b58b962f