claude-agent-sdk-python

Fail

Audited by Socket on Feb 24, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

This is a legitimate SDK documentation file, not code that contains an obvious backdoor or obfuscated malware. However, it contains multiple high-confidence supply-chain and credential-forwarding risk patterns: curl|bash installer example, unpinned npx installs, docker run of unvetted images, and examples forwarding sensitive env vars into external subprocesses. The SDK's allowed-tools (Bash, Write, Skill) enable high-impact actions and should be scoped by principle of least privilege. Treat examples that run external code or forward credentials as dangerous in precise deployments — require pinning, provenance checks, and avoid pipe-to-shell installers. Overall classification: not directly malicious but SUSPICIOUS/vulnerable due to supply-chain and credential exposure patterns; exercise caution when following the install/run examples and when granting tool permissions.

LLM verification: This SKILL.md/doc fragment documents legitimate SDK features and examples consistent with its stated purpose, but it contains multiple high-risk supply-chain and execution patterns: an explicit curl|bash install example, runtime npx/docker-based MCP server launches that execute remote code, and examples that forward sensitive environment variables into subprocesses. These patterns create a significant supply-chain and credential-forwarding risk if followed verbatim or used in automated agents. I

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 24, 2026, 09:28 AM
Package URL: pkg:socket/skills-sh/waltersumbon%2Fclaude-agent-sdk-skill%2Fclaude-agent-sdk-python%2F@33e2736a8c71e4b15c30a57be3ecd9f13179a26a