Back to skill

Security audit

Ccsinfo

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but its setup can expose private Claude Code session history over the network without enough access-control guidance.

Review before installing. Use this only with a ccsinfo server you control, prefer binding the server to 127.0.0.1 or a private VPN instead of 0.0.0.0, avoid plain HTTP on shared networks, and add firewall or authentication controls if available. Treat retrieved session data as sensitive because it may contain prompts, outputs, tool results, code, secrets, and old instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README instructs users to expose and query Claude Code session data from a remote server, including conversation history, tool calls, tasks, prompts, and usage data, but provides no warning about the sensitivity of that data or the privacy/security implications of remote access. This can lead operators to deploy the service on reachable interfaces and connect to it without understanding that potentially confidential prompts, outputs, and operational metadata may be exposed over the network.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description says it queries Claude Code session data from a remote server, but it does not clearly warn that potentially sensitive conversation history, prompts, tool calls, and task data will be transmitted over a network. Users may invoke the skill without understanding the privacy and data exposure implications, increasing the risk of unintended disclosure.

Missing User Warnings

High
Confidence
99% confidence
Finding
The setup instructions tell users to start the server with `--host 0.0.0.0`, which exposes the service on all network interfaces, yet no authentication, TLS, firewall restriction, or security warning is provided. Because the server exposes Claude Code session data from `~/.claude/projects/`, this could allow other machines on the LAN or beyond to access sensitive session contents if the port is reachable.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.