vscode-cc-login-free
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The script reads sensitive authentication information, specifically the ANTHROPIC_API_KEY, from the local configuration file ~/.claude/settings.json to sync it with VS Code settings.
- [COMMAND_EXECUTION]: The tool utilizes subprocess.run to execute system commands such as 'where' and PowerShell scripts to refresh environment variables.
- [COMMAND_EXECUTION]: The SKILL.md file includes a Python one-liner that uses the subprocess module to programmatically locate and execute the configuration script on the local machine.
Audit Metadata