claude-code-proxy-patterns

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded API key is present in the EnvironmentVariables section of the launchd configuration example in references/launchd-configuration.md.
  • [COMMAND_EXECUTION]: The skill documentation includes patterns for executing shell commands to interact with the macOS Keychain using the security utility and the system service manager using launchctl.
  • [COMMAND_EXECUTION]: The documentation instructs the user to execute commands with sudo to perform sensitive system operations such as modifying files in /Library/LaunchDaemons and changing file ownership to root.
  • [DATA_EXFILTRATION]: The skill describes processes for reading sensitive OAuth access and refresh tokens from the macOS Keychain and forwarding them to external model provider endpoints.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 01:40 AM