lobotomized-claude-code-update

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes a JavaScript file (index.mjs) via node from a repository previously cloned from github.com/skrabe/tweakcc-fixed.\n- [EXTERNAL_DOWNLOADS]: Fetches updates and source code from non-trusted GitHub repositories skrabe/lobotomized-claude-code and skrabe/tweakcc-fixed using git pull.\n- [COMMAND_EXECUTION]: Runs pnpm install and pnpm build in an external repository, which may trigger arbitrary installation and build scripts.\n- [COMMAND_EXECUTION]: Modifies the claude system binary in-place by applying code overrides from third-party sources.\n- [PROMPT_INJECTION]: The skill processes untrusted output from git log and git diff commands which could be manipulated to include malicious instructions for the agent.\n
  • Ingestion points: Output from git log, git diff, and git status in SKILL.md.\n
  • Boundary markers: None used for command output results.\n
  • Capability inventory: Binary file modification, subprocess execution (pnpm, node, git), and system installation (claude install).\n
  • Sanitization: None; the agent processes raw output from the git history.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 12:12 AM
Security Audit — agent-trust-hub — lobotomized-claude-code-update