100Critical
The skill is malicious because it executes destructive shell or Java runtime commands, posing a critical risk to system integrity and security.
Skill Info
Nameanthropics/claude-plugins-official/writing-hookify-rules
Registrygithub
Version73e22af437e0
PURLpkg:github/anthropics/claude-plugins-official@73e22af437e0?skill=writing-hookify-rules
Stars30,459
Installs3,500
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
3,500 installs
Skills.shDocs
npx skills add https://github.com/anthropics/claude-plugins-officialAssessments (2)
AI Agent Traps ↗Destructive shell or Java runtime command execution detectedcriticalcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Destructive shell or Java runtime command execution detected
100% confidenceline 274
rm -rf /
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-plugins-official/writing-hookify-rules)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-plugins-official/writing-hookify-rules"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-plugins-official/writing-hookify-rules.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-plugins-official/writing-hookify-rules.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow