Claude Settings Editor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for carefully editing Claude JSON settings, with no hidden code, installs, network behavior, or credential use found.

Before using it, specify the exact Claude settings file or scope you want changed, review the diff before accepting writes, and be especially careful with hook, permission, plugin, or MCP changes because those can affect future agent behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest's default prompt begins with "Help me update Claude settings...", and "help me" is a generic everyday phrase rather than a narrowly scoped invocation. In a manifest file, this kind of broad activation wording can create ambiguity about when the skill should activate versus ordinary conversation.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal