skills/waltersumbon/claude-agent-sdk-skill/claude-agent-sdk-typescript/Socket

claude-agent-sdk-typescript

Fail

Audited by Socket on Feb 24, 2026

1 alert found:

Malware

MalwareSKILL.md

HIGH

MalwareHIGH

SKILL.md

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) All findings: [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1] [CRITICAL] prompt_injection: Detected system prompt override attempt (PI004) [AITech 1.1] [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4] This is a legitimate SDK usage guide that demonstrates powerful agent capabilities (file access, shell execution, external MCP servers, hooks). It does not contain embedded malware or obfuscated malicious code, but it includes multiple high-risk patterns: a curl|bash installer example, forwarding of secrets into subprocess environments (npx/docker), enabling arbitrary Bash execution via allowedTools and permissive permissionMode settings, and logging raw tool inputs to disk. These examples are supply-chain and credential-exposure risks if reused without validation, pinning, least-privilege tokens, and redaction. Recommend: do not run the curl|bash example, avoid forwarding high-privilege secrets into third-party processes, restrict allowedTools (avoid 'Bash' unless necessary), use scoped tokens and verification/pinning for npx/docker images, and redact sensitive data before writing audit logs. LLM verification: This SKILL.md is documentation for a Claude Agent SDK and does not itself contain obfuscated malware, but it includes several high-risk supply-chain and credential-forwarding patterns in its examples: a curl|bash installer example, launching third‑party MCP servers with environment secrets, unpinned npx/docker execution, and examples granting broad agent permissions (Bash/Write/Edit) and permissive permissionMode. These patterns materially increase the risk that a user copying examples could exe

Confidence: 95%Severity: 90%

Audit Metadata

Analyzed At

Feb 24, 2026, 09:28 AM

Package URL

pkg:socket/skills-sh/waltersumbon%2Fclaude-agent-sdk-skill%2Fclaude-agent-sdk-typescript%2F@1d7129ba197dfd3f16648035e71412dae953874c