cloudcc-cli-dev

Pass. Audited by VirusTotal on May 15, 2026.

Findings (1)

The skill provides a development toolkit for CloudCC CRM but contains patterns that pose significant security risks. Specifically, BACKEND_CODE.md and CLI_CHEATSHEET.md instruct the AI agent to construct complex shell commands using nested subshells and 'node -e' execution, which are highly susceptible to shell injection if the agent incorporates unsanitized user input. Additionally, INSTALL_AND_BOOTSTRAP.md encourages high-privilege operations by recommending global npm installations via 'sudo'. While the skill includes beneficial security boundaries (e.g., explicitly forbidding the leakage of 'CloudCCDev' keys or 'secretKey' in SKILL.md), the underlying execution patterns are inherently vulnerable.