Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Claude Code Mastery
v1.0.0Complete guide to mastering Claude Code CLI — installation to production workflows
⭐ 0· 19·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description claim a comprehensive guide to the Claude Code CLI. The included files (SKILL.md, templates, CLAUDE.md) align with that purpose, but the SKILL.md and CLAUDE.md explicitly reference 'mcp-scripts' and '5 MCP server setup scripts' as deliverables while no mcp-scripts directory or server setup scripts are present in the package manifest — a mismatch between claimed deliverables and what is actually provided.
Instruction Scope
SKILL.md and CLAUDE.md instruct the user/agent to run MCP setup scripts and to use templates from /templates. CLAUDE.md explicitly says 'Run MCP setup scripts from /mcp-scripts', yet those scripts aren't present. Instructions that tell an agent to execute project scripts (if they existed) could cause arbitrary code execution; the absent scripts create ambiguity about what would be run and when. There are also high-level references to configuring MCP servers with access to databases, GitHub/GitLab, and filesystem operations — legitimate for the topic but potentially broad in scope if the missing scripts later request credentials or perform privileged actions.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled executables. That minimizes installation risk because nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a guide. However, the content describes MCP server integrations (database access, GitHub/GitLab) that typically require credentials; the package does not request or document those credentials here, creating a mismatch between described integrations and declared environment requirements.
Persistence & Privilege
The skill does not request always:true or other elevated persistence, and it is user-invocable only. No indications it modifies global agent settings or other skills.
What to consider before installing
This package is mostly a textual guide and templates, which is fine — but it claims MCP setup scripts that are not present. Before installing or running anything: (1) ask the author for the missing 'mcp-scripts' and inspect them carefully — do not run scripts you haven't reviewed; (2) if you purchase the paid content, verify what scripts will be delivered and review them offline for hardcoded credentials, network endpoints, or privileged operations; (3) be cautious about executing any provided MCP/server setup scripts on production machines or with elevated privileges — run them in an isolated environment (VM or container) first; (4) require transparency about any external endpoints the scripts contact and any credentials they request. The inconsistency here is likely sloppy packaging or withheld paid assets, not necessarily malicious, but it increases risk and justifies verification before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97959yvga1fbpj3w36gj43s2x84dzhd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.