claude-code-game-studios
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation and setup process requires cloning a full environment from a third-party GitHub repository (github.com/Donchitos/Claude-Code-Game-Studios.git). This repository contains the core logic, agent definitions, and executable hooks that define the skill's behavior.
- [REMOTE_CODE_EXECUTION]: The skill facilitates remote code execution by fetching shell scripts from a remote source and integrating them into the local development environment's automated workflows.
- [COMMAND_EXECUTION]: In the
.claude/settings.jsonconfiguration, the skill registers several shell scripts (e.g.,session-start.sh,validate-commit.sh,validate-assets.sh) to execute automatically during session lifecycle events and tool usage. This automation runs without explicit user confirmation for each execution once the studio is set up. - [COMMAND_EXECUTION]: The troubleshooting and setup sections instruct the user to use
chmod +xon the downloaded.shfiles in the.claude/hooks/directory, ensuring they have the necessary permissions to be executed by the system. - [DATA_EXPOSURE]: While the skill includes
blocked_pathsin its settings to protect sensitive files like.envandsecrets/, this mechanism is part of the downloaded configuration and could be modified by the remote source. - [REMOTE_CODE_EXECUTION]: The setup workflow for both new and existing projects involves cloning remote content and immediately running commands (like
/startor/adopt) that depend on the integrity of the downloaded scripts.
Recommendations
- AI detected serious security threats
Audit Metadata