claude-code-analysis-research

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content shows multiple deliberate high-risk patterns that could enable credential exfiltration and remote code execution (notably passing full process.env to spawned MCP servers, dynamic runtime tool registration via networked transports, and bootstrapping external code with npx), indicating a strong potential for backdoor/abuse if an attacker or malicious/compromised extension is involved.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains an explicit runtime command that runs an external npm package—"npx -y @modelcontextprotocol/server-filesystem"—which fetches and executes remote code at runtime (see the MCP client connect snippet), so the external package (https://www.npmjs.com/package/@modelcontextprotocol/server-filesystem) is a risky runtime dependency.