Back to skill

Security audit

PRECC

Security checks across malware telemetry and agentic risk

Overview

PRECC’s purpose fits its behavior, but it persistently wires itself into Claude Code’s shell-command hooks and the installer appears broader than the skill page fully explains.

Install only if you are comfortable allowing PRECC to intercept and potentially rewrite Claude Code Bash commands in future sessions. Review the exact changes to ~/.claude/settings.json, confirm the hook path points to the expected binary, and understand how to disable or remove the hook before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Agent Config Directory Access

High
Category
Agent Snooping
Content
config:
        - ~/.local/share/precc/history.db
        - ~/.local/share/precc/heuristics.db
        - ~/.claude/settings.json
      env:
        - PRECC_LICENSE_KEY
    primaryEnv: PRECC_LICENSE_KEY
Confidence
94% confidence
Finding
~/.claude/settings.json

Agent Config Directory Access

High
Category
Agent Snooping
Content
## What PRECC Modifies

- **`~/.claude/settings.json`** — Adds a `PreToolUse` hook entry pointing to `precc-hook`
- **`~/.local/share/precc/`** — SQLite databases for learned failure-fix patterns and skill heuristics
- **`~/.local/bin/`** — Installs `precc`, `precc-hook`, and `precc-learner` binaries
Confidence
97% confidence
Finding
~/.claude/settings.json

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.