Is LeoLin990405/claude-ccb-skills safe?

https://github.com/LeoLin990405/claude-ccb-skills

39
DANGEROUS

This skill enables arbitrary bash command execution through multiple delegation interfaces with no input validation. The complex multi-AI orchestration system could manipulate agent behavior and hide malicious activities through background execution.

Category Scores

Category · Score · Weight
Prompt Injection · 30/100 · 30%
Data Exfiltration · 45/100 · 25%
Code Execution · 5/100 · 20%
Clone Behavior · 90/100 · 10%
Canary Integrity · 80/100 · 10%
Behavioral Reasoning · 20/100 · 5%

Findings (6)

CRITICAL Arbitrary Bash Command Execution -60

Multiple skills (cask, gask, oask, etc.) execute bash commands with unsanitized user input via $ARGUMENTS parameter. This enables arbitrary code execution.

HIGH Agent Behavior Manipulation -35

The stem-modeling skill contains over 10,000 lines of instructions for complex multi-AI orchestration that could override normal Claude behavior patterns and suppress security checks.

HIGH Command Injection Attack Vector -50

The skill design enables command injection where malicious bash commands can be hidden within legitimate AI delegation requests.

MEDIUM Security Check Bypass -25

Skills instruct the agent to 'end turn immediately' and to use background execution, which could bypass security monitoring and user oversight.

MEDIUM Sensitive File Access Capability -25

Bash execution capabilities could be exploited to access sensitive files like credentials, SSH keys, and environment variables.

MEDIUM System Compromise Potential -30

The ccb-launcher skill contains instructions to modify system environment and launch external programs, enabling potential system compromise.