Security audit

Claude Task Runner

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate headless Claude task runner, but it normalizes unattended file and shell execution with permission bypasses and relies on an unbundled local runner script.

Install only if you intentionally want unattended Claude Code automation and can review or trust the separate local `cc-task-runner.sh` it calls. Use a temporary dedicated work directory, avoid `bypassPermissions` for untrusted prompts or repositories, keep secrets out of task prompts, inspect generated artifacts before using them, and clean stored task state after sensitive runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill explicitly recommends `--permission-mode bypassPermissions` for tasks that write files or run Bash, which weakens an important safety control and normalizes unattended execution with elevated trust. In this context, the skill is designed to run arbitrary headless Claude tasks and shell-capable workflows, so encouraging permission bypass increases the chance of unsafe file modification or command execution without meaningful user review.

Missing User Warnings

Medium
Confidence: 95%
Finding: The documentation repeatedly recommends using `--permission-mode bypassPermissions`, which disables interactive approval for Bash and file-writing actions. In a headless task runner that executes model-directed tasks, this materially increases the chance of unauthorized command execution or unintended filesystem changes without any human checkpoint.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.