Claude Api Cn
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This appears safe to use as documentation, but treat copied examples carefully: keep API keys out of code, verify package names against official sources, watch API costs, and only enable memory, MCP, file, terminal, or code-execution tools with clear sandboxing and user approval. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user implements these examples broadly, their app could let an agent run commands or modify data.
The documentation includes examples for enabling powerful tools that can execute code, edit text, or access web/search capabilities. This is aligned with agent-development guidance, but it is sensitive if copied into a real app without approval gates.
Server-side tools (bash, web_search, text_editor, code_execution) are GA
Enable only the tools needed, sandbox them, validate tool inputs, and require user approval for command execution, file edits, or other high-impact actions.
Using these examples will connect applications to a user’s Anthropic account and may incur API usage or billing.
The skill documents use of Anthropic API credentials, which is expected for Claude API development. The snippet uses an environment variable rather than embedding a real key.
ApiKey = Environment.GetEnvironmentVariable("ANTHROPIC_API_KEY")
Store API keys in environment variables or a secret manager, avoid committing keys to source control, and use the least-privileged credentials available.
If implemented carelessly, an agent could store private or incorrect information and reuse it in future sessions.
The documentation shows a memory tool backed by filesystem storage. Persistent memory is purpose-aligned for agents, but stored facts or instructions can be reused later and should be bounded.
BetaMemoryToolHandler memoryHandler = new FileSystemMemoryToolHandler(sandboxRoot);
Use a dedicated sandbox path, disclose what is stored, provide deletion controls, and avoid treating stored memory as trusted instructions without validation.
A connected MCP server may receive prompts or data and expose tools whose permissions depend on that server.
The documentation includes connecting to MCP servers so an agent can use external tools. This is expected for Agent SDK examples, but real MCP servers introduce external trust and permission boundaries.
mcpServers: [ ... url: 'https://example.com/mcp' ... ], ... 'Use the MCP tools'
Connect only to trusted MCP servers, review the tools they expose, restrict sensitive data sent to them, and document their permissions.
