claude-code
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs on the installation of "@anthropic-ai/claude-code" and various Model Context Protocol (MCP) servers (e.g., "@modelcontextprotocol/server-github", "@anthropic-ai/server-postgres"). These are official packages from well-known technology organizations.
- [COMMAND_EXECUTION]: The documentation provides extensive examples of terminal commands for project management, session handling with tmux, and CLI interaction. These commands are consistent with the skill's purpose as an orchestration guide for a developer tool.
- [SAFE]: A detected fork bomb pattern (":(){ :|:& };:") was identified within a security hook example in the documentation. In this context, the pattern is part of a defensive configuration example meant to illustrate how users can prevent malicious shell code execution using the tool's built-in security features, rather than an attempt to execute the command itself.
Audit Metadata