Claude Api Cn

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Claude API skill with visible, relevant examples, but some examples should be copied carefully because they involve file uploads, tool execution, memory, or auto-editing code.

Reasonable to install if you want Claude API/SDK reference material. Before copying examples into real projects, verify current model names and pricing, avoid sending secrets or regulated files unless approved, use trusted MCP endpoints only, scope Agent SDK tools and working directories, prefer default permissions, and add review gates before file deletion, code execution, or automatic edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Context-Inappropriate Capability

Medium
Confidence: 80%
Finding
The skill includes Bash and code-execution server-side tool examples even though its stated purpose is Go usage of the Claude API/Anthropic SDK. Exposing high-risk execution primitives without guardrails, approval requirements, or validation guidance can normalize unsafe adoption and make downstream agents more likely to invoke shell or code execution capabilities inappropriately.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill hard-codes a non-user-neutral model choice and states it is 'non-negotiable,' which can override user needs around cost, latency, capability fit, or organizational policy. While not a classic code-execution issue, this is a real policy and safety concern because it biases downstream agent behavior and can cause unnecessary spend or misuse in contexts where a cheaper or more appropriate model should be selected.

Missing User Warnings

Medium
Confidence: 86%
Finding
The Files API example demonstrates upload plus mentions deletion and download capabilities without warning that file contents are transferred to a remote service or that some operations are destructive. In agent-skill documentation, omission of these caveats can lead users or downstream automation to exfiltrate sensitive data or delete resources without informed consent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The memory tool example encourages file-backed persistence of model-accessible user data without warning that personal or sensitive information may be stored on disk and retained beyond the session. In practice this can lead developers to persist secrets, PII, or regulated data unintentionally, increasing privacy, retention, and unauthorized-access risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation presents bash and code-execution tools without any safety framing, which can normalize exposing command execution to model-driven workflows. Developers may enable these tools in production without sandboxing or permission boundaries, creating risk of arbitrary command execution, file/system modification, data exfiltration, and lateral movement.

Missing User Warnings

Medium
Confidence: 86%
Finding
The Files API example shows uploading, downloading, and deleting documents without warning that user files may contain sensitive content and are transmitted to external services and later removed. This omission can cause developers to implement document handling flows without consent, classification, retention controls, or deletion safeguards.

Missing User Warnings

Medium
Confidence: 82%
Finding
The MCP example demonstrates connecting to an external URL and enabling remote tool interaction without any warning that prompts, tool arguments, or other data may be sent off-platform. In a documentation skill, this is more sensitive because users may copy-paste the example into production without considering outbound data flow, trust boundaries, or SSRF-style risks from untrusted endpoint configuration.

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation advertises server-side tools including bash and code execution without any safety note about their ability to run commands, modify files, or access networked resources depending on platform capabilities. In the context of an API integration guide, omission of operational risk guidance can lead developers to enable powerful tools without sandboxing or approval controls.

Missing User Warnings

Medium
Confidence: 83%
Finding
The README explicitly documents `permission_mode="acceptEdits"` and shows it in a ready-to-copy example without a prominent warning about the risks of autonomous file modification. In an agent SDK context, this can normalize unsafe defaults and lead developers to enable silent edits in workflows that touch sensitive source code or user data, increasing the chance of unintended or malicious modifications.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation demonstrates uploading local files to a third-party API and then submitting them in message requests, but it does not warn that uploaded content may contain sensitive, regulated, or proprietary data. In a developer-facing skill, this omission can lead users to transmit confidential files without considering privacy, retention, billing, residency, or compliance implications, especially since the same document notes that files persist until deleted.

Missing User Warnings

Medium
Confidence: 88%
Finding
The session history example enumerates prior sessions and prints session metadata and full message contents directly to stdout. Because agent session transcripts can contain prompts, source code, secrets, file paths, or other sensitive context, this pattern can expose private data to logs, terminals, CI output, or downstream log collectors if copied into real applications without additional safeguards.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README demonstrates reading a local image file and sending its contents to a third-party API, but it does not warn users that file contents and image data leave the local environment. In documentation for an API integration skill, this omission can lead developers to transmit sensitive screenshots, documents, or embedded metadata without considering privacy, consent, or compliance requirements.

Missing User Warnings

Medium
Confidence: 91%
Finding
The prompt caching section encourages caching request content and mentions TTL, but does not clearly warn that prompts or system content may be retained temporarily for caching purposes. That omission can cause developers to cache sensitive prompts or documents under incorrect assumptions about immediate disposal, increasing privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.