APEX STACK for Claude Code: Complete Autonomous Developer Agent

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Claude Code enhancement that is aligned with its stated purpose, but it adds persistent memory and optional global agent behavior that users should understand before installing.

Install this only if you want Claude Code to use persistent project memory and act more autonomously on coding tasks. Use project-level installation for tighter scope, review memoria.md and code diffs regularly, and do not store credentials or sensitive secrets in memory files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation

Low

What this means

The agent may edit code, tests, and documentation quickly in response to development goals.

Why it was flagged

The skill is intended to drive multi-step code changes in Claude Code. That is purpose-aligned, but users should review diffs because the agent may make several project changes at once.

Skill content

With APEX STACK:    ⚙ Executing: READ → PLAN → IMPLEMENT → TEST → VERIFY
                    JWT auth added, middleware configured, endpoints protected,
                    tests written, docs updated. One response.

Recommendation

Review generated changes before committing or deploying, especially for security-sensitive features such as authentication.

ASI06: Memory and Context Poisoning

Low

What this means

Project preferences, decisions, and context may persist across sessions and steer future agent behavior.

Why it was flagged

The skill creates and reuses persistent memory. It includes a privacy rule against credentials, but stored project context can still influence future sessions.

Skill content

Look for memory at:
.claude/memoria.md          ← project memory (git-tracked, non-sensitive only)
~/.claude/memoria.md        ← global memory (all projects)
CLAUDE.md                   ← fallback (already loaded)

If none exists, create `.claude/memoria.md` and populate from project context.

Recommendation

Keep memoria.md free of secrets, review changes to it like code, and be cautious with memory files received from shared repositories.

ASI10: Rogue Agents

Low

What this means

If installed globally, the behavior will affect future Claude Code sessions until removed.

Why it was flagged

The skill can be installed globally so its instructions persist across all Claude Code sessions. This is disclosed and reversible, and the artifact states that no background process runs.

Skill content

Option B — Global (all Claude Code sessions)
```bash
clawhub install apex-stack-claude-code
cat skills/apex-stack-claude-code/SKILL.md >> ~/.claude/CLAUDE.md
```

> **Note:** This skill is active only when its contents are present in your `CLAUDE.md`
> or session context. Remove it from `CLAUDE.md` to disable. No background processes run.

Recommendation

Prefer project-level installation unless you want the behavior everywhere, and remove the appended block from CLAUDE.md to disable it.