40Medium
The skill lacks a license, uses improper naming conventions, and poses a security risk by accessing sensitive environment variables without justification.
Skill Info
Nameanthropics/claude-code/plugin-structure
Registrygithub
Versionc487902a53fc
PURLpkg:github/anthropics/claude-code@c487902a53fc?skill=plugin-structure
Stars133,398
Installs9,600
Source
Install
This skill has findings worth reviewing before installing.
GitHub
9,600 installs
Skills.shDocs
npx skills add https://github.com/anthropics/claude-codeAssessments (2)
AI Agent Traps ↗Access to sensitive environment variables detectedmediumcredential theftAML.T0055AML.T0037LLM02:2025
Access to sensitive environment variables detected
100% confidenceline 247
${API_KEY}Invalid skill name formatlowpolicy violation
Skill name should be lowercase alphanumeric with hyphens (e.g., 'my-skill').
100% confidence
Plugin Structure
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/plugin-structure)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/plugin-structure"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/plugin-structure.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/plugin-structure.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow