anth-debug-bundle
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches service status data from Anthropic's official status API (status.anthropic.com). This is a well-known service and the operation is used for legitimate diagnostic purposes.
- [COMMAND_EXECUTION]: Executes standard shell commands including curl, pip, npm, and tar to collect environment information, verify SDK versions, and package diagnostic data. These operations are restricted to the local environment and align with the skill's purpose.
- [REMOTE_CODE_EXECUTION]: Analysis of the automated scan alert confirms that the skill pipes JSON data into a static Python one-liner (python3 -c) for parsing. It does not execute arbitrary remote code, and the source is a trusted provider.
- [CREDENTIALS_UNSAFE]: The skill handles the ANTHROPIC_API_KEY by verifying its presence and character count for diagnostic logs while explicitly avoiding the recording of the actual secret value.
Audit Metadata