Back to skill

Security audit

Claude Code Controller

Security checks across malware telemetry and agentic risk

Overview

This skill is a Claude Code launcher with expected coding-agent powers, but it creates a permissive project configuration automatically and makes isolation claims that are not backed by the included artifacts.

Install only if you are comfortable giving Claude Code broad read, write, edit, and shell access in the selected project. Before running the launcher, review or replace `.claude/settings.json`, consider changing `permissionMode` to an approval-based mode, and avoid using it on sensitive repositories unless you have a clear containment plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill documentation claims strong capabilities such as ACP-isolated execution, project-aware management, and specialized review/refactor workflows, but the file only describes generic usage and even instructs creation of `.claude/settings.json` with permissive settings like `allowedTools` including shell access and `permissionMode: auto`. This mismatch can mislead users into granting trust, permissions, or configuration changes under false assumptions about isolation and safeguards.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script auto-generates a Claude Code configuration that grants broad capabilities (bash, edit, write, read) and sets permissionMode to auto, allowing code execution and file modification without interactive approval. In a launcher/controller skill, this meaningfully increases the blast radius of prompt mistakes, unsafe tasks, or adversarial project content because the agent can act immediately with minimal friction.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script creates project configuration with permissive settings automatically when no config exists, without explicit consent from the user. Although it does not overwrite an existing file, it silently establishes a high-trust baseline that may surprise users and weaken security expectations for the repository.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.