Security audit

Claude Automation Recommender

Security checks across malware telemetry and agentic risk

Overview

This skill only provides Claude Code automation recommendations, but users should review suggested hooks, MCP servers, and shared configs before enabling them.

Install this if you want advisory recommendations for Claude Code automation. Treat its output as a proposal: inspect any recommended plugin, hook, MCP server, or generated skill before enabling it; do not commit secrets or private credentials in .mcp.json; prefer least-privilege tokens and read-only modes; and require explicit review for tools that can modify repos, databases, cloud resources, containers, or team workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium, 92% confidence

Finding:
The skill states it is read-only, but the instructions explicitly encourage web search and provide Bash-based analysis steps. That mismatch can mislead operators and downstream tooling about the actual trust boundary, causing the skill to access external resources or execute broader shell commands than expected during analysis.

Missing User Warnings

Low, 90% confidence

Finding:
The notification hook examples invoke arbitrary OS commands (`afplay` and `osascript`) automatically when Claude Code emits events, but the documentation does not warn that these hooks execute system-level commands on the host. In a skill that recommends automations, this can normalize copying command-executing hooks without adequate review, increasing the chance users run unexpected local commands.

Missing User Warnings

Medium, 95% confidence

Finding:
The guidance recommends checking `.mcp.json` into git and sharing it team-wide without warning that MCP configurations can contain sensitive server endpoints, tokens, or other connection details depending on how teams configure them. In a skill specifically designed to recommend and operationalize MCP servers, this advice increases the likelihood that users will propagate secrets or internal infrastructure details into version control and across the team by default.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.