ClawHub

claude-code-noninteractive-in-node

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is coherent for remote Claude Code use, but it normalizes high-privilege remote execution and weak API-key handling without enough safety guidance.

Install only if you intentionally want a remote machine to run Claude Code against your projects. Prefer read-only or tightly scoped modes, avoid permission-bypass commands unless the node and repository are trusted, store API keys with stricter controls than shared shell profiles, and do not print any part of secrets while troubleshooting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly documents a `--dangerously-skip-permissions` invocation as a normal quick-reference option without an adjacent warning, constraints, or approval requirements. In a remote execution skill, this materially increases the chance that users or downstream agents run destructive commands on another machine with guardrails disabled, amplifying the blast radius beyond a local workstation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation tells users to place a long-lived API key directly in `~/.bashrc` for non-interactive shell loading, but does not warn about credential exposure risks, shell history leakage, overbroad persistence, or safer secret-management alternatives. Because this skill is designed for remote nodes, persistent credentials on shared or less-trusted machines create a meaningful risk of theft and reuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document presents `bypassPermissions` and `dangerously-skip` as normal permission options and shows that they enable file writes, shell, git, and network access, but it does not include an explicit warning that these modes effectively remove key safety boundaries. In a remote coding-agent skill, that omission can cause users or downstream agents to select overly broad privileges without appreciating the risk of arbitrary command execution, repository modification, and external data exfiltration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting command explicitly prints the first 10 characters of the ANTHROPIC_API_KEY, which discloses sensitive credential material to logs, terminals, screenshots, or shared debugging transcripts. Even partial secret exposure weakens secret hygiene and can aid credential correlation or validation, especially in a remote multi-operator environment where outputs may be observed or retained.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal