security-scan
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
ecc-agentshieldpackage globally from npm. This package and its associated GitHub repository (affaan-m/agentshield) are not part of the trusted vendors list or well-known service providers. - [COMMAND_EXECUTION]: Multiple instructions involve running
npx ecc-agentshield, which executes code downloaded from a remote registry. These commands are designed to scan the local filesystem, including sensitive configuration directories like.claude/. - [CREDENTIALS_UNSAFE]: The 'Opus 4.6 Deep Analysis' section directs users to
export ANTHROPIC_API_KEY=your-keybefore running the tool. Passing high-privilege API keys to an unverified third-party CLI tool is a significant security risk.
Audit Metadata