arcanea-meta
Fail
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download third-party code from external repositories using
git clone. Specifically,references/absorption-log.mdlistshttps://github.com/ruvnet/claude-flowas a source for its 'absorption' process. - [REMOTE_CODE_EXECUTION]: The 'How to absorb a repo' workflow described in
SKILL.mdfacilitates the extraction and integration of executable patterns from unverified external repositories into the local ecosystem. - [COMMAND_EXECUTION]: The skill provides detailed instructions for creating and registering lifecycle hooks (e.g.,
~/.claude/hooks/<name>.sh) and modifying system configuration files (settings.json), establishing persistent code execution paths that trigger on agent events. - [COMMAND_EXECUTION]: Several files, including
references/ecosystem-map.mdandreferences/installed-stack.md, provide bash shell scripts for the agent to execute to perform file system discovery, repo verification, and state auditing.
Recommendations
- AI detected serious security threats
Audit Metadata