Security audit

claude-code-model

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it persistently changes Claude Code provider settings and stores API keys with weak safety controls.

Install only if you intentionally want Claude Code to use the named third-party provider. Treat the API key as a secret; avoid running the helper with copied or untrusted values, especially on Windows, where the helper passes them to PowerShell via -Command; and consider editing the config manually instead, keeping backups and restrictive file permissions, so you can undo the provider change later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            '[Environment]::SetEnvironmentVariable("ANTHROPIC_AUTH_TOKEN", "", "User")',
        ]
        # Each command string is handed to PowerShell for execution
        for cmd in commands:
            subprocess.run(["powershell", "-Command", cmd], check=True)
        print("✓ Environment variables updated")
    else:
        # For Unix-like systems, update shell profile
Confidence
87% confidence
Finding
subprocess.run(["powershell", "-Command", cmd], check=True)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill asks users to provide an API key and then store it in environment variables and local config files, but it gives no guidance on secret handling, exposure risks, or safer storage options. This increases the chance of credential leakage through shell history, config-file disclosure, backups, screenshots, or logs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow persistently modifies user-level environment variables and local configuration files, but it does not clearly warn that these changes survive restarts and can alter future CLI behavior. Persistent configuration changes can unintentionally break existing setups, reroute requests to third-party endpoints, or leave sensitive credentials stored long term.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script stores the provided API key in ~/.claude/config.json and ~/.claude/settings.json without an explicit warning, consent step, or permission hardening. Storing credentials on disk increases exposure to local compromise, backups, sync tools, or accidental disclosure, especially in a skill whose purpose is to reconfigure providers and secrets.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.