cc-insider

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Claude Code internals skill with no executable installer, hidden data access, or runtime automation.

Reasonable to install as a technical reference. Read the permission examples critically, especially the allow-by-default snippet, and independently verify security-sensitive tool or hook designs before copying them into real code. Expect the content to be mostly Chinese.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The document explicitly labels the defaults as 'fail-closed', but the shown implementation includes `checkPermissions: ... => ({ behavior: 'allow', ... })`, which is allow-by-default. In a security-sensitive tool framework, this mismatch can mislead developers into relying on protections that are not actually present, increasing the chance that new tools ship without meaningful permission enforcement.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill advertises broad trigger scenarios such as general architecture analysis, debugging, and extension development, which can cause over-activation outside narrowly intended contexts. Overly broad matching can inject large amounts of internal guidance into unrelated sessions, increasing prompt-surface area, confusing agent behavior, and potentially biasing security-relevant decisions when the skill is auto-selected.

Natural-Language Policy Violations

Medium
Confidence: 71%
Finding
The skill description indicates a Chinese-only interaction model without offering language negotiation or fallback behavior. This can cause misunderstandings, incorrect tool use, or misinterpreted safety guidance for users operating in other languages, which is a reliability and safety concern even if not a direct exploit primitive.

VirusTotal

65/65 vendors flagged this skill as clean.
