Skills
skills/laststance/skills/claude-code-plugin-hacker/Gen Agent Trust Hub

claude-code-plugin-hacker

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Performs broad filesystem operations on the ~/.claude directory, including recursive searches (find), permission modifications (chmod +x), string replacement in scripts (sed), and file deletions (rm -rf) to audit and fix plugin issues.
  • [REMOTE_CODE_EXECUTION]: Uses eval to execute command strings extracted from hooks.json files during the verification phase. This constitutes dynamic execution of commands defined in external plugin configurations, which may be modified or untrusted.
  • [DATA_EXFILTRATION]: Accesses sensitive configuration and metadata files, including ~/.claude/settings.json and hooks.json files within the plugin cache, to audit plugin states and hook definitions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 03:29 AM
Security Audit — agent-trust-hub — claude-code-plugin-hacker