Skills
skills/openclaw/skills/claude-team/Gen Agent Trust Hub

claude-team

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • Persistence Mechanisms (HIGH): The script assets/setup.sh implements a persistence mechanism by installing a launchd configuration file to ~/Library/LaunchAgents/com.claude-team.plist. This ensures that the claude-team HTTP server automatically starts whenever the user logs in, which is a technique used to maintain a long-term presence on a system.
  • Remote Code Execution (HIGH): The script assets/setup.sh contains a hardcoded command pattern curl -LsSf https://astral.sh/uv/install.sh | sh. While this is presented as a manual installation instruction for the uv tool, it promotes the dangerous practice of executing remote scripts directly in a shell without prior verification or integrity checks.
  • Command Execution (MEDIUM): The setup script uses sed to dynamically generate system-level configuration files and executes launchctl to modify the state of system services. While intended for setup, these capabilities can be abused to execute arbitrary processes in the background.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 18, 2026, 01:09 PM