claude-settings-audit
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard, read-only shell commands such as `ls`, `find`, and `cat` to inspect the repository structure, dependency files (e.g., `package.json`, `pyproject.toml`), and existing configuration files (`.claude/settings.json`).
- [REMOTE_CODE_EXECUTION]: Suggests a configuration for an MCP server using `npx -y @linear/mcp-server`. Linear is a well-known service, and this execution is part of a standard integration pattern for the Model Context Protocol.
- [EXTERNAL_DOWNLOADS]: Includes recommendations for `WebFetch` domains targeting official documentation sites for Sentry, GitHub, and various popular web frameworks (e.g., Django, React, FastAPI). These are well-known technology services.
- [DATA_EXFILTRATION]: Recommends allowing the `gh api:*` command. This grants the agent access to the GitHub API within the user's authenticated scope, which is aligned with the skill's intended purpose for project auditing and management.
Audit Metadata