Claude Delegate

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear Claude Code delegation helper, but it defaults to running delegated coding tasks with permission safeguards bypassed.

Review before installing. Use this only in repositories where you are comfortable letting Claude Code read and modify files through a non-interactive command, and prefer editing the command to remove `--permission-mode bypassPermissions` or requiring explicit confirmation for each delegated task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger phrases are broad enough to match many ordinary software-engineering requests, causing the skill to activate in contexts where users may not expect delegation to an external coding agent. In this skill, that risk is amplified because activation can lead to shell execution of Claude with bypassed permissions, increasing the chance of unintended high-privilege actions.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly instructs running `claude --permission-mode bypassPermissions` through shell execution and presents this as the default workflow without warning, restriction, or user confirmation. This is dangerous because it normalizes elevated execution for arbitrary coding tasks, allowing filesystem or project modifications to occur with reduced safeguards if the skill is invoked unintentionally or on untrusted content.

VirusTotal

66/66 vendors flagged this skill as clean.
