claude-code-templates-cli
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs users to execute
npx claude-code-templates@latest, which facilitates the download and immediate execution of code from an external npm package that is not part of a verified or trusted source list. - [EXTERNAL_DOWNLOADS]: Recommends global installation of the
claude-code-templatespackage usingnpm install -g, which typically necessitates administrative privileges and grants the software broader system access. - [EXTERNAL_DOWNLOADS]: Includes instructions to install the
cloudflaredCLI from Cloudflare's official repositories to enable remote conversation monitoring through secure tunnels. - [COMMAND_EXECUTION]: Suggests modifying local file system permissions using
chmod -R u+w .claude/, which could potentially be exploited to gain unauthorized write access to configuration directories.
Recommendations
- AI detected serious security threats
Audit Metadata