
admin-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to download and execute arbitrary packages from npm using npx -y. The -y flag skips the confirmation prompt before installation, allowing the agent to install and run code from potentially untrusted sources without user intervention.
  • COMMAND_EXECUTION (HIGH): The skill uses PowerShell to modify a system configuration file (claude_desktop_config.json) that dictates which binaries are executed when the AI agent starts. This allows execution of local files or system commands via the command and args parameters in the MCP config.
  • EXTERNAL_DOWNLOADS (HIGH): It explicitly facilitates downloading external Node.js packages. No mechanism is provided for verifying the integrity or origin of these packages (e.g., checksums or pinned versions), leaving it susceptible to dependency confusion or typosquatting attacks.
  • DATA_EXFILTRATION (MEDIUM): The skill reads claude_desktop_config.json, which frequently contains sensitive API keys and environment variables used by various MCP servers. While no direct exfiltration command is present, the capability to read and process these secrets is a prerequisite for exfiltration.
  • PERSISTENCE MECHANISMS (HIGH): By modifying the mcpServers section of the Claude Desktop configuration, the skill creates persistent execution. Any 'server' added here will be automatically launched by the host application in future sessions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:54 AM