Claude Statusline

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate status-line helper, but it deserves review because it tells users to install an automatically running local shell command without clearly warning them about that risk.

Review the statusLine configuration and the referenced script before installing. Install only if you are comfortable with Claude Code automatically running that local command during status-line rendering, and prefer a version that documents exactly what files and commands it touches.

SkillSpector (1)

By NVIDIA

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill instructs users to configure Claude Code to execute a local shell command on status line rendering, but provides no warning that this creates an automatic code-execution path inside the user's environment. While the bundled script appears simple and mostly read-only, this pattern is dangerous because users are being normalized to install and auto-run shell scripts from skill documentation, which can be abused by a modified or malicious script to access local files, repository metadata, or execute arbitrary commands.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal