Security audit

Cc Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Claude Code setup helper, but it under-discloses credential-writing and system-changing setup steps that users should review carefully.

Install only if you want an agent to help configure Claude Code and related providers. Before following its steps, review any command that installs software or pipes remote content into a shell, confirm exactly what will be written to `.claude/settings.local.json`, keep credentials out of version control, and back up or rename credential files instead of deleting them outright.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The skill claims it does not produce local files, but earlier instructions explicitly direct creation of `.claude/settings.local.json`. This inconsistency can mislead users or downstream tooling about filesystem side effects, increasing the chance that sensitive API credentials are written locally without proper review or handling.

Vague Triggers

Medium
Confidence: 92%
Finding
The README invites users to trigger the skill with very common phrases such as asking how to use Claude Code or configure a provider. Overly broad trigger wording increases the chance the skill activates in unintended contexts, which is risky because the skill claims it can inspect the environment, install software, and write configuration automatically.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README states that the skill will automatically detect the environment, guide installation, select a provider, and write configuration, but it does not warn users about system modifications, credential handling, file paths affected, or rollback options. In a setup tool that may install CLIs and write settings or environment variables, this omission can lead to unexpected changes, accidental credential exposure, or unsafe execution without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide instructs users to execute a remotely fetched installer script for Homebrew via curl inside a shell command, but provides no warning to inspect the script, verify source authenticity, or understand the trust implications. Even when the URL is a legitimate upstream project, remote script execution is a common supply-chain risk because compromise of the source, DNS, TLS termination, or copy/paste substitution could lead to arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence: 98%
Finding
The nvm installation step pipes a downloaded script directly into bash, which is a classic unsafe pattern because it executes unreviewed network content immediately. If the remote source or network path is compromised, this results in arbitrary code execution in the user's shell context and may modify shell startup files persistently.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document instructs users to delete `~/.claude/credentials.json` to clear saved login credentials, but it does not explicitly warn that this logs the user out and permanently removes stored authentication state. In a troubleshooting guide for developer setup, destructive commands are more dangerous because users may copy-paste them without understanding side effects, increasing the chance of accidental credential loss or service disruption.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.