Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Development
v0.1.0Design and build custom Claude Code agents with effective descriptions, tool access patterns, and self-documenting prompts. Covers Task tool delegation, model selection, memory limits, and declarative instruction design. Use when: creating custom agents, designing agent descriptions for auto-delegation, troubleshooting agent memory issues, or building agent pipelines.
⭐ 8· 3k·24 current·25 all-time
byVeera@veeramanikandanr48
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill is about designing Claude Code agents and the provided instructions and rules directly address that topic. Recommending agent description patterns, prompt structure, and delegation is coherent. However, several recommended operational changes (giving all agents Read/Write/Edit/Bash, wildcard WebFetch, and editing global .claude/settings.json) are broader than strictly necessary for 'design guidance' and shift from guidance into privileged configuration changes.
Instruction Scope
SKILL.md instructs the user to (a) give broad tool access to agents (Read, Write, Edit, Glob, Grep, Bash), (b) allowlist many Bash patterns and WebFetch(domain:*), and (c) change ~/.bashrc for NODE_OPTIONS. These instructions are not limited to documentation—they direct persistent configuration changes and global permission expansion that let agents read/write files, run shell commands, and fetch from any domain, increasing the attack surface and enabling inadvertent data access or exfiltration.
Install Mechanism
This is an instruction-only skill with no install spec and no code to execute. That minimizes code-delivery risk because nothing is downloaded or executed by the skill itself.
Credentials
The skill requests no environment variables, but explicitly tells users to edit persistent environment (NODE_OPTIONS in ~/.bashrc) and system config (.claude/settings.json) to grant broad permissions (especially WebFetch(domain:*), Bash allowlists). Those persistent changes are disproportionate for mere guidance and could grant agents access to data and networks unrelated to the specific agent tasks.
Persistence & Privilege
Although the skill is not 'always:true' and doesn't autonomously install, it instructs making persistent, global configuration changes (.claude/settings.json and shell rc). Those changes affect the platform's privilege model across agents (global allowlists and broader tool grants), increasing long-term risk beyond a single agent.
What to consider before installing
This skill is coherent with its stated purpose (agent design) but it encourages persistent, broad permission changes that increase security risk. Before following its recommendations: (1) Do not blindly apply the .claude/settings.json allowlist—narrow allowed WebFetch domains and Bash patterns to the minimum required. Avoid WebFetch(domain:*) wildcard if you care about data exfiltration. (2) Prefer per-agent tool lists rather than 'give all tools to all agents'; grant Bash/Write only to agents that truly need them. (3) Back up ~/.bashrc before changing NODE_OPTIONS and prefer setting NODE_OPTIONS per-session or per-service rather than globally if possible. (4) Review any allowlist commands to ensure they don't permit destructive shell operations or access to sensitive paths (e.g., ~/.ssh, /etc). (5) Test changes in a sandboxed environment or non-production account first. (6) If you intend to follow the skill's guidance in a team or production environment, get an explicit security review and restrict agent permissions with least privilege. The lack of code files means no immediate code-execution risk from the skill itself, but the operational recommendations materially expand agent privileges—treat those changes with caution.Like a lobster shell, security has layers — review code before you run it.
latestvk9773dkp29mf768ejx5y77cj4n8081k6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.