Claude Dev Setup

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for Claude Code setup, but it tells agents to read your local Claude OAuth token and run Claude Code in the background with permission checks disabled.

Review carefully before installing. The skill shows no clear signs of exfiltration or deception, but it grants an agent powerful Claude Code access by using your local OAuth token and disabling Claude Code permission prompts. Only use it in trusted workspaces, avoid secrets in task descriptions, and require explicit approval before background coding tasks.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill may access and reuse your Claude account token, which can grant delegated access to Claude Code actions under your account.

Why it was flagged

The skill explicitly instructs agents to extract and use a local OAuth token, while the registry metadata declares no primary credential or required environment variable.

Skill content

OAuth Token Handling — Automatic token extraction and usage ... Claude Code stores its OAuth token in: ~/.claude/.credentials.json

Recommendation

Install only if you intend to delegate Claude Code access. Prefer provider-supported authentication flows, avoid printing tokens, and require explicit user approval before token extraction.

What this means

Coding tasks could run with broad authority and without normal Claude Code permission prompts, including file changes or other tool actions depending on the CLI's capabilities.

Why it was flagged

The recommended execution path combines raw shell execution, account credentials, and Claude Code's permission-skipping flag, which bypasses safer confirmation workflows.

Skill content

CLAUDE_CODE_OAUTH_TOKEN=$(cat ~/.claude/.credentials.json ... ) claude --print --dangerously-skip-permissions 'Task description'

Recommendation

Remove `--dangerously-skip-permissions` from default examples, require explicit user confirmation for risky operations, and limit execution to a clearly selected project directory.

What this means

Long-running coding sessions may continue in the background until checked or killed, which can make actions less visible to the user.

Why it was flagged

The skill intentionally supports background Claude Code sessions and persistent status tracking. This is disclosed, but users should be aware that work may continue after the initial request.

Skill content

exec({ command: "claude --print --dangerously-skip-permissions 'Task description'", background: true, yieldMs: 10000 })

Recommendation

Use background sessions only for explicit user-requested tasks, keep the session registry accurate, and provide clear stop/cancel instructions.

What this means

Project task names and session details may persist across interactions and influence future agent behavior.

Why it was flagged

The skill stores task labels, status, and session IDs in persistent agent memory so future status checks can reuse that context.

Skill content

All background Claude Code sessions are tracked in `memory/claude-code-sessions.md`.

Recommendation

Review the session file periodically, avoid putting secrets in task descriptions, and clean up stale entries.

What this means

Running setup may install or update a global developer tool on your machine.

Why it was flagged

If the user manually runs the setup script and the CLI is missing, it installs a global npm package. This is purpose-aligned but changes the local environment.

Skill content

npm install -g @anthropic-ai/claude-code

Recommendation

Verify the package source and version before running the setup script, and consider installing the Claude Code CLI yourself.