Oathe Security Badge

Is tenfoldmarc/website-builder-setup safe?

https://github.com/tenfoldmarc/website-builder-setup

87
SAFE

This skill legitimately installs website development tools but performs broader system modifications than typical skills, including global NPM package installation and system configuration changes. While the functionality aligns with its stated purpose, the scope extends beyond simple skill execution.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (4)

MEDIUM Global NPM Package Installation -25

Skill installs global NPM packages (uipro-cli) and executes external code from GitHub repositories, which could introduce security risks if these packages are compromised.

LOW Configuration File Modification -15

Skill modifies ~/.claude.json to add MCP server configuration, which alters system behavior beyond the skill's execution.

LOW External Repository Dependencies -5

Skill relies on executing code from external repositories and services that may not be fully vetted.

INFO System Scope Beyond Description -25

Skill performs global system modifications and installs tools that persist beyond skill execution, which users may not fully expect.