Skills
skills/wenjunduan/rlues/vibe-setup/Gen Agent Trust Hub

vibe-setup

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs file system operations to install persistent hooks into the agent's global configuration.
  • It creates the directory ~/.claude/hooks/ and copies .cjs script files from the skill's distribution into this folder.
  • These hooks (e.g., PreToolUse, Stop, PermissionDenied) allow persistent monitoring and modification of the agent's behavior across different sessions and projects.
  • [EXTERNAL_DOWNLOADS]: The skill adds multiple external plugin marketplaces and installs software from them.
  • It references marketplaces from GitHub users and organizations including obra, openai, affaan-m, and upstash.
  • Plugins like superpowers, codex, everything-claude-code, and context7-plugin are downloaded and integrated into the agent environment.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to fetch and execute packages directly from the npm registry during the setup and verification phases.
  • Executed tools include ctx7 and ecc-agentshield.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 2, 2026, 10:37 PM