claude-code-best-practice
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional, providing guidance and examples for structuring Claude Code agents, commands, and workflows. No hidden content or malicious patterns were detected.
- [COMMAND_EXECUTION]: Provides example shell commands for standard tasks such as package installation (
pip install), permission management (chmod +x), and environment configuration. All examples use standard developer tools and placeholders for sensitive variables. - [EXTERNAL_DOWNLOADS]: References official and well-known repositories, including the Model Context Protocol (MCP) servers on NPM and documentation repositories on GitHub. These are legitimate resources for the skill's stated purpose.
- [CREDENTIALS_UNSAFE]: Correctly uses environment variable placeholders (e.g.,
${GITHUB_TOKEN},${ANTHROPIC_API_KEY}) for sensitive configuration, following security best practices for credential management.
Audit Metadata