arcanea-meta

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download third-party code from external repositories using git clone. Specifically, references/absorption-log.md lists https://github.com/ruvnet/claude-flow as a source for its 'absorption' process.
  • [REMOTE_CODE_EXECUTION]: The 'How to absorb a repo' workflow described in SKILL.md facilitates the extraction and integration of executable patterns from unverified external repositories into the local ecosystem.
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for creating and registering lifecycle hooks (e.g., ~/.claude/hooks/<name>.sh) and modifying system configuration files (settings.json), establishing persistent code execution paths that trigger on agent events.
  • [COMMAND_EXECUTION]: Several files, including references/ecosystem-map.md and references/installed-stack.md, provide bash shell scripts for the agent to execute to perform file system discovery, repo verification, and state auditing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — arcanea-meta