Security risk report for @forgecat/anthropics_claude-plugins-official_claude-code-setup v0.0.4
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository (GitHub link provided in metadata).
Content is well-documented, version-controlled, and attributed to Isabella He (isabella@anthropic.com); no supply-chain red flags.
Agent Intent
Low
Profile is a read-only analysis skill that recommends Claude Code automations; it does not instruct the AI to ignore instructions, exfiltrate data, or modify system behavior.
Content describes automation patterns (hooks, MCP servers, skills, subagents) as reference material for the skill to use when analyzing codebases; no hidden instructions to manipulate the AI.
Guidance on MCP servers, hooks, and skills is legitimate technical documentation; recommending popular libraries (React, Express, Prisma) and standard tools (Prettier, ESLint, pytest) is not poisoning—it reflects industry best practices.
Details
Evidence
Skill description: 'Analyze a codebase and recommend Claude Code automations... This skill is read-only. It analyzes the codebase and outputs recommendations. It does NOT create or modify any files.'
Reference files (hooks-patterns.md, mcp-servers.md, skills-reference.md) are structured lookup tables and detection patterns, not injected instructions.
No directives to hide instructions, leak system prompts, or weaken security defaults.
README: 'This skill is read-only - it analyzes but doesn't modify files.'
Workflow section shows only analysis commands (ls, cat, grep) with no write operations.
MCP Risk
Low
No MCP servers are defined in the profile; the content is reference documentation for MCP servers that users may choose to install separately.
MCP server descriptions (context7, Playwright, Supabase, GitHub, etc.) are legitimate, well-known tools with no hidden instructions or arbitrary binary execution.
Recommendations include detection patterns and use cases but do not embed malicious tool definitions or unrestricted access.
Details
Evidence
Profile metadata: '(none)' for MCP servers.
mcp-servers.md is a lookup table with detection patterns and setup guidance; no tool definitions or hidden instructions embedded.
Recommendations are conditional on codebase signals (e.g., 'if React detected, recommend Playwright MCP') and include legitimate use cases.