Statusline Setup

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for configuring Claude Code’s statusline, with a minor caution that it may read shell configuration and edit Claude settings.

Before using it, tell the agent which shell prompt file or prompt text to inspect, ask it to show the Claude settings change before applying it, and avoid broad scanning of dotfiles that may contain unrelated secrets or tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 85% confidence
Finding: The skill explicitly instructs the agent to inspect shell prompt context and read/update Claude settings, but it does not clearly disclose to the user that local configuration files may be accessed and modified. This is a genuine transparency and consent issue: even if the actions are expected for the task, the missing warning can lead to unexpected file reads or settings changes that the user did not realize would occur.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal