claude-ui

Fail

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: Instruction to bypass the execution sandbox. SKILL.md explicitly directs the agent to 'Run the bundled helper script outside the Codex sandbox' and with 'escalated permissions'. This bypasses security boundaries intended to isolate the agent's actions from the host system.
  • [COMMAND_EXECUTION]: Risk of shell command injection. In SKILL.md, the command template bun run .agents/skills/claude-ui/src/run-claude-ui.ts --model "<model>" --effort "<effort>" -- "<user request>" uses direct string interpolation of variables. An attacker providing a malicious <user request> (e.g., "; touch /tmp/pwned #) could potentially execute arbitrary commands on the host system if the agent executes the string literally.
  • [CREDENTIALS_UNSAFE]: Access and utilization of local authentication credentials. The skill is designed to harvest or leverage the user's local Claude CLI authentication tokens. The script src/run-claude-ui.ts executes claude auth status and instructions require escalated permissions specifically to 'access the user's normal Claude CLI login context'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 6, 2026, 10:48 AM