claude-team

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Persistence mechanism via macOS Launch Agents. The assets/setup.sh script installs a plist file to ~/Library/LaunchAgents/ to ensure the orchestrator runs automatically at login.
  • [COMMAND_EXECUTION]: Privilege escalation suggestion. The spawn_workers tool includes a skip_permissions flag that maps to Claude Code's --dangerously-skip-permissions flag, allowing workers to bypass safety prompts for sensitive operations.
  • [DATA_EXFILTRATION]: Outbound data transmission. The skill documentation provides an example monitoring script that transmits worker status and task metadata to the Telegram Bot API via curl.
  • [REMOTE_CODE_EXECUTION]: Installation from well-known sources. The setup script facilitates the installation of the 'uv' package manager from Astral's official domain (astral.sh) using a piped-to-shell command.
  • [PROMPT_INJECTION]: Indirect prompt injection surface. The skill ingests bead IDs and task annotations (ingestion points in SKILL.md) and interpolates them into worker prompts without boundary markers or sanitization. This creates a risk if workers process untrusted data while granted broad system capabilities.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 02:22 AM