claude-code-cli
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (LOW): The documentation recommends installing the CLI via `curl -fsSL https://claude.ai/install.sh | bash`. This pattern of piping a remote script to a shell is generally a high-risk behavior; however, since the source domain (claude.ai) belongs to Anthropic (associated with the trusted 'anthropics' organization), the severity is downgraded to LOW per the trust-scope-rule.
- EXTERNAL_DOWNLOADS (LOW): The skill references the official npm package `@anthropic-ai/claude-code`. This is a verified package from a trusted organization.
- COMMAND_EXECUTION (LOW): The skill documents the use of high-privilege flags such as `--dangerously-skip-permissions` and `--allowedTools`. While these bypass security prompts, they are documented specifically for non-interactive/sandbox use cases (e.g., CI/CD or Daytona sandboxes) and are legitimate features of the tool.
- PROMPT_INJECTION (LOW): The skill defines a tool surface that processes external data and user prompts (e.g., `cat file | claude -p`). This establishes a surface for indirect prompt injection. As this is a vulnerability surface rather than an active exploit, and per instructions for Category 8, the severity is LOW.
- CREDENTIALS_UNSAFE (SAFE): The file references sensitive environment variables like `ANTHROPIC_API_KEY` and `CLAUDE_CODE_OAUTH_TOKEN` but correctly uses placeholders (e.g., `sk-ant-...`) rather than hardcoding actual credentials.
Recommendations
- HIGH: Downloads and executes remote code from: https://claude.ai/install.sh - DO NOT USE without thorough review
Audit Metadata