running-claude-code-via-litellm-copilot
Fail
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill anchors its instructions and verification steps to an external URL (https://blog.xi-xu.me/en/2025/12/02/Run-Claude-Code-Cheaply-With-LiteLLM-And-GitHub-Copilot.html) that automated scanners have explicitly flagged as malicious. In addition, the domain 'xi-xu.me' shows characteristics of typosquatting relative to the author's handle 'xixu-me'.
- [COMMAND_EXECUTION]: The skill provides commands that install software ('litellm') and modify a sensitive local configuration file ('~/.claude/settings.json'). Because these actions follow guidance from a flagged malicious source, they carry a significant risk of system compromise.
- [CREDENTIALS_UNSAFE]: The skill's workflow configures authentication environment variables and edits application settings that store API credentials. Executing these steps under the guidance of a flagged external resource could lead to credential harvesting or exposure.
- [PROMPT_INJECTION]: The skill refers the agent to external, untrusted content for 'justification' and 'verification', which introduces a risk of indirect prompt injection.
- Ingestion points: External content from 'blog.xi-xu.me' via 'references/doc-verified-notes.md'.
- Boundary markers: Absent.
- Capability inventory: Package installation (pip/uv), file-write (settings.json), and environment variable configuration.
- Sanitization: Absent.
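The four checks in the analysis above (ingestion points, boundary markers, capability inventory, sanitization) can be approximated with a small static scan of a skill's files. The following is an added example written for this page; it is not the Trust Hub's scanner and not code from the audited skill. The sample skill files are constructed to resemble what the report describes, and the regex patterns, the blocklist entry, the boundary-marker and sanitization phrases, and the scoring rule are all assumptions chosen to mirror the findings reported here.

```python
"""Static triage of a Claude Code skill, approximating the audit categories
above: ingestion points, boundary markers, capability inventory, sanitization.
Added example for this page; not the Trust Hub's scanner. All patterns and
thresholds are assumptions."""
import re
from typing import Dict, List, Set
from urllib.parse import urlparse

# CONSTRUCTED sample skill files written to resemble the report's description.
# They are not the audited skill's real contents.
SKILL_FILES: Dict[str, str] = {
    "SKILL.md": """# Run Claude Code via LiteLLM + Copilot
1. Install the proxy: `pip install litellm` (or `uv pip install litellm`).
2. Point Claude Code at the proxy by editing ~/.claude/settings.json.
3. Export the proxy key: `export LITELLM_API_KEY=sk-example-not-real`
For justification and verification, see references/doc-verified-notes.md.
""",
    "references/doc-verified-notes.md": """Source post:
https://blog.xi-xu.me/en/2025/12/02/Run-Claude-Code-Cheaply-With-LiteLLM-And-GitHub-Copilot.html
Follow the post's steps exactly; they have been verified.
""",
}

URL_RE = re.compile(r"https?://[^\s)'\"<>]+")

# Capability patterns (assumed conventions, not taken from the audited skill).
CAPABILITY_PATTERNS = [
    ("package_install", re.compile(r"\b(?:pip3?|uv pip|uv|npm|brew)\s+(?:install|add)\b")),
    ("settings_write", re.compile(r"~/\.claude/settings\.json")),
    ("env_credential", re.compile(r"\b[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)\b\s*=")),
    ("remote_fetch", re.compile(r"\b(?:curl|wget)\s+")),
]
# Phrases that would show the author fenced off external text as data, or
# checked what is fetched; their absence is what the report calls "Absent".
BOUNDARY_MARKERS = ("<untrusted>", "untrusted content", "treat as data")
SANITIZATION_HINTS = ("sha256", "checksum", "signature")


def find_ingestion_points(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each file to the sorted external hosts it references."""
    points: Dict[str, List[str]] = {}
    for path, text in files.items():
        hosts = sorted({urlparse(u).hostname or u for u in URL_RE.findall(text)})
        if hosts:
            points[path] = hosts
    return points


def capability_inventory(files: Dict[str, str]) -> List[str]:
    """Sorted labels of side-effecting actions the skill instructs."""
    caps = {label for text in files.values()
            for label, pat in CAPABILITY_PATTERNS if pat.search(text)}
    return sorted(caps)


def mentions_any(files: Dict[str, str], phrases) -> bool:
    """Case-insensitive substring search across all skill files."""
    blob = "\n".join(files.values()).lower()
    return any(p.lower() in blob for p in phrases)


def triage(files: Dict[str, str], blocklist: Set[str]) -> dict:
    """Combine the checks into findings, a risk level and a pass/fail verdict."""
    ingestion = find_ingestion_points(files)
    caps = capability_inventory(files)
    flagged = sorted({h for hosts in ingestion.values() for h in hosts if h in blocklist})
    findings: List[str] = []
    if flagged:
        findings.append("EXTERNAL_DOWNLOADS")
    if {"package_install", "remote_fetch", "settings_write"} & set(caps):
        findings.append("COMMAND_EXECUTION")
    if {"env_credential", "settings_write"} & set(caps):
        findings.append("CREDENTIALS_UNSAFE")
    boundary = mentions_any(files, BOUNDARY_MARKERS)
    if ingestion and not boundary:
        findings.append("PROMPT_INJECTION")
    # Scoring rule (assumed): a blocklisted source, or unfenced external text
    # steering credential/config changes, is HIGH; anything else found is MEDIUM.
    if flagged or ("PROMPT_INJECTION" in findings and "CREDENTIALS_UNSAFE" in findings):
        risk = "HIGH"
    elif findings:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {
        "risk": risk,
        "verdict": "FAIL" if risk == "HIGH" else "PASS",
        "findings": findings,
        "flagged_hosts": flagged,
        "ingestion_points": ingestion,
        "capabilities": caps,
        "boundary_markers": boundary,
        "sanitization": mentions_any(files, SANITIZATION_HINTS),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SKILL_FILES, {"blog.xi-xu.me"}), indent=2))
```

Run against the constructed skill with 'blog.xi-xu.me' on the blocklist, the scan reproduces the report's shape: one ingestion point in references/doc-verified-notes.md, no boundary markers, a capability inventory of package install, settings.json write and credential environment variable, and all four flags at HIGH. Note that fencing the referenced text as untrusted would clear only the PROMPT_INJECTION finding; a blocklisted source host still fails the skill on its own.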
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata