create-master

The hook mechanism is legitimate for extensibility but presents a non-trivial startup-time execution risk: if CLAUDE_PLUGIN_ROOT is tainted or if run-hook.cmd is malicious, arbitrary code could run at session start. Recommendations include restricting CLAUDE_PLUGIN_ROOT to trusted locations, implementing integrity verification (signatures, hashes) for run-hook.cmd, enabling least-privilege execution, adding auditing/logging of executed commands, and isolating the script execution (sandbox or container) where feasible.

SUSPICIOUS. The skill’s core behavior is broadly consistent with its stated purpose, and it does not show direct credential theft, covert exfiltration, or malicious installers. However, it combines external retrieval, local command execution, and generation of persistent new SKILL.md files, creating medium risk from indirect prompt injection and transitive trust rather than clear malware.

The code enables running an external local script at session start, which is a legitimate extensibility mechanism but introduces supply-chain and runtime risk. Without integrity verification, signing, or isolation, the script can become a backdoor or attack surface if tampered or replaced. Implement safeguards to mitigate risk in trusted environments.