ai-model-routing

Fail

Audited by Socket on Mar 17, 2026

3 alerts found:

Obfuscated File x3
Obfuscated File HIGH
scripts/code-review.sh

The script itself is small and not overtly malicious, but it presents a moderate to significant supply-chain and privacy risk because it unconditionally forwards repository content (which may include secrets) to an external 'claude' CLI with no redaction, confirmation, or integrity checks. The highest risks are data exfiltration to remote services and PATH-based execution of malicious binaries. Mitigations: require explicit user consent before sending, implement redaction/filters for known secret patterns, require absolute path or checksum verification for 'claude', validate presence of trusted 'jq', and add logging/auditing. Use in sensitive repositories should be restricted until these controls are implemented.

Confidence: 98%
Obfuscated File HIGH
scripts/auto-fix.sh

The script is a convenience wrapper (not obviously malicious) but presents moderate to high supply-chain and data-exfiltration risk because it grants an external assistant Read/Edit/Write access without safeguards. Before running, verify the claude client is trusted and offline if required, restrict or remove Edit/Write permissions, add confirmation/dry-run and file-exclusion safeguards, and avoid passing secrets in the prompt or environment. If the claude binary communicates with a remote API, assume repository contents and any included secrets could be leaked.

Confidence: 98%
Obfuscated File HIGH
scripts/extract-api.sh

The script itself contains no direct malicious code or obfuscation; its primary security risk is delegating unrestricted filesystem reads to an external 'claude' CLI which is likely networked. This creates a realistic data-exfiltration vector for secrets and sensitive files. Treat the script as safe only when the claude binary is trusted, the target directory contains no sensitive data, or appropriate filtering/isolation controls are in place. Recommended actions: verify claude's provenance, restrict scanned file types, run in isolated environments, and avoid scanning directories with secrets.

Confidence: 98%
Audit Metadata
Analyzed At: Mar 17, 2026, 02:01 PM
Package URL: pkg:socket/skills-sh/samChang72%2Fcustom-skills%2Fai-model-routing%2F@e2daa25a7843898ac2366426d1dd3de9ecf006c8