user-config
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is designed for administrative maintenance of the ~/.claude/ directory. * Purpose: Unified entry point for auditing, backing up, and cleaning up Claude Code configuration. * Target: Operates on ~/.claude/ and ~/.claude.json.
- [COMMAND_EXECUTION]: Employs shell commands and Python scripts for maintenance. * Confirmation: Mandatory AskUserQuestion tool usage for all destructive actions (e.g., cleanup-sessions, prune). * Scripting: Uses Python for complex tasks like cost analysis and transcript searching.
- [CREDENTIALS_UNSAFE]: Implements protections for local credentials. * Redaction: Logic included in global and mcp references to mask tokens and keys when viewing configuration data. * Exclusion: Explicitly avoids backing up or restoring ~/.claude/.credentials.json to prevent token exposure. * Auditing: Includes a check for world-readable permissions on sensitive files.
- [EXTERNAL_DOWNLOADS]: Refers to trusted external packages. * Packages: References well-known Model Context Protocol (MCP) server packages from the @anthropic organization.
- [DATA_EXFILTRATION]: No exfiltration vectors identified. * Network activity: References to external domains (anthropic.com) are limited to documentation links and trusted package registries.
Audit Metadata