half-clone
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to locate and execute a script named `half-clone-conversation.sh` within the `~/.claude` directory. Because the script's content is not part of the skill and is found dynamically on the host system, this creates a path for arbitrary code execution if a malicious script of the same name is present.
- [DATA_EXPOSURE] (MEDIUM): The skill accesses `~/.claude/history.jsonl`, a file containing sensitive conversation history and session IDs. While no exfiltration is explicitly present, the data is being processed by an unverified script.
- [DYNAMIC_EXECUTION] (HIGH): The skill uses a combination of `find`, `sort`, and `tail` to identify an executable path at runtime. This 'computed path' execution pattern is a high-risk behavior as it bypasses static path auditing.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill processes historical conversation data (`history.jsonl`). If an attacker has previously injected malicious instructions into a conversation that is now being 'half-cloned', those instructions could potentially influence the behavior of the cloning script or the agent's future context.
Recommendations
- AI detected serious security threats