Claude Code Controller
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a purpose-aligned Claude Code launcher, but users should note that it enables Claude Code to read, edit, and write files and to run shell commands in a project, using an Anthropic API key.
This skill appears consistent with its purpose of managing Claude Code and does not appear malicious. Before installing or using it, make sure you trust the Claude Code CLI, use it only on projects where automated reads/writes and shell commands are acceptable, keep API keys out of code, and tighten .claude/settings.json for sensitive repositories.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Claude Code may be able to change project files and run development commands during a requested coding task.
If no project config exists, the launcher creates a Claude Code settings file that allows shell, read, edit, and write tools with automatic permission mode.
"allowedTools": ["bash", "edit", "write", "read"], "maxTurns": 50, "permissionMode": "auto"
Use this only in repositories where Claude Code may safely operate, prefer a git branch or disposable workspace, and tighten settings with allowedDirectories, readOnlyDirectories, or permissionMode set to always for sensitive projects.
Your Anthropic API key will authorize Claude Code usage and may incur costs under your account.
The skill requires an Anthropic API key for Claude Code, which is expected for this integration, but it is not declared in the registry metadata requirements.
export ANTHROPIC_API_KEY="your-api-key"
Use an appropriate scoped key if available, keep it out of source control, and monitor usage and logs.
Installing the external CLI gives that package code execution on your machine.
The documented setup depends on installing an external global npm package. This is expected for a Claude Code controller but introduces normal package provenance and versioning considerations.
npm install -g @anthropic-ai/claude-code
Install Claude Code from the official source, verify the package name and publisher, and consider pinning or reviewing versions in managed environments.
Project code, prompts, or debugging context may be processed by the Claude Code service depending on Claude Code behavior and configuration.
The launcher sends the user-provided task to the Claude Code CLI, which is an external Anthropic coding assistant integration and may use project context for coding tasks.
claude --model "$model" "$task"
Do not use it on repositories containing secrets or highly sensitive code unless your organization permits Claude Code use and the configured data-handling policy is acceptable.
Persistent custom instructions or project settings can affect later coding sessions, including sessions started by other users or agents in the same project.
The configuration reference documents persistent project or global instructions that can influence future Claude Code behavior.
"customInstructions": "始终使用 TypeScript,遵循 ESLint 规则,编写单元测试"
Review .claude/settings.json and global Claude configuration before sensitive work, and remove unexpected customInstructions or tool permissions.
