claude-code-local
Security checks across malware telemetry and agentic risk
Overview
This is a coherent Claude Code helper, but it needs Review because it documents full-permission non-interactive local agent runs without strong containment or approval guidance.
Install only if you intentionally want OpenClaw to hand local coding work to Claude Code on your machine. Prefer read-only or accept-edits modes, avoid the full-permission bypass except in trusted and isolated worktrees, protect Anthropic credentials, and monitor any background Claude Code process.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
