claude-code-sdk
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

This file is a legitimate integration guide for the Claude Code SDK. I find no evidence of active malware or credential exfiltration to third-party domains. However, several recommended patterns are risky if used without caution: mutating private SDK internals, mounting ~/.claude into containers, allowing broad agent tools (Bash/Write/Edit/WebFetch), and using CORS wildcard. These increase the chance of accidental data leakage or destructive actions when deployed. Treat examples as starting points; harden configs for production by restricting allowed_tools, avoid mounting private credential directories unless necessary, remove CORS wildcards, and do not modify private internals unless you fully understand the impact.

LLM verification: This SKILL.md is documentation and example code for using the Claude Code SDK. It contains legitimate instructions and examples for authentication, async usage, and agent configuration.
I found no direct malicious code or evidence of credential exfiltration to attacker-controlled endpoints. However, there are several security concerns: the examples suggest granting highly privileged tools (Bash, Write/Edit) which are disproportionate for many deployments and can enable data leakage or local dama