coding-standards

SUSPICIOUS: The stated purpose and most capabilities are coherent for a coding-standards enforcement skill, and no credential theft or off-platform data routing is visible. The main concern is install/execution trust: bootstrap.py --auto-install changes persistent Claude hook configuration and may install packages from unspecified sources that cannot be verified from the provided content.

This snippet is not directly malicious; it is a pre-tool hook configuration that triggers automatic execution of multiple local Python scripts before write/edit/multiedit actions. The security risk is primarily indirect: it blindly runs code from a local path with no integrity checks, so tampering with the referenced `.claude/skills/coding-standards/hooks/` scripts could result in arbitrary code execution in the user’s environment.