collection-claude-code-source-code
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone an external, unverified repository from an unknown GitHub user (
git clone https://github.com/chauncygu/collection-claude-code-source-code.git). - [REMOTE_CODE_EXECUTION]: Following the download, the instructions direct the user or agent to install the repository content as an editable package (
pip install -e .), which executes the repository's setup configuration (e.g.,setup.pyorpyproject.toml) and makes the code available for execution. - [COMMAND_EXECUTION]: The documentation includes various examples of executing shell commands and Python scripts that interact with the local filesystem and terminal. While these are presented as implementation examples for an agent, they represent the capability surface for arbitrary command execution.
- [SAFE]: The destructive system command flagged by static analysis (
rm -rf /) is part of a documentation example demonstrating security configuration (blocked commands) rather than an execution instruction, and is therefore benign.
Audit Metadata