This skill allows arbitrary command execution, extensive file system
Claims to do
Agent Development for Claude Code Plugins: Agents are autonomous subprocesses that handle complex, multi-step tasks independently. Understanding agent structure, triggering conditions, and system prompt design enables creating powerful autonomous capabilities.
Actually does
This skill provides comprehensive documentation and best practices for developing agents within Claude Code plugins. It details agent file structure, YAML frontmatter fields (name, description, model, color, tools), and system prompt design. It offers guidance on defining triggering conditions, model selection, tool restriction, validation rules, organization, and testing, referencing external files and utility scripts. It does not execute any commands or access external data itself.
The skill explicitly allows agents to be configured with a 'Bash' tool, enabling arbitrary command execution on the host system. This presents a direct path to system compromise if an agent is misused or compromised.
tools: ["Read", "Write", "Grep", "Bash"]
Agents can be granted 'Read', 'Write', 'Grep', and 'Glob' tools, providing extensive access to the file system. This capability allows for data exfiltration, modification, or deletion of sensitive files.
tools: ["Read", "Write", "Grep", "Bash"], Read-only analysis: ["Read", "Grep", "Glob"]
By default, if the 'tools' field is omitted, an agent has access to all available tools. This significantly increases the attack surface for any newly created agent, violating the principle of least privilege.
Default: If omitted, agent has access to all tools
The skill mentions utility scripts such as 'validate-agent.sh' and 'test-agent-trigger.sh'. Running these external shell scripts means executing commands on the host system, so a tampered script could become a vector for supply chain attacks or local privilege escalation.
scripts/validate-agent.sh, scripts/test-agent-trigger.sh
The AI-assisted agent generation method allows a user's description to directly influence the generated agent's system prompt and triggering conditions. A malicious user could inject instructions to create an agent with harmful behaviors or unintended triggers.
Create an agent configuration based on this request: "[YOUR DESCRIPTION]"
The guide focuses on best practices for creating agents but does not explicitly warn against the potential for malicious agent creation or the security implications of granting powerful tools. This could lead developers to inadvertently create vulnerable or harmful agents.
(Implicit, absence of explicit warnings about security risks of agent creation beyond 'least privilege')
Mondoo Skill Check: https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/agent-development