Security risk report for @forgecat/anthropics_claude-plugins-official_playground v0.0.4
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository on GitHub with a specific commit hash (7e401ed) and Apache-2.0 license.
Metadata is transparent and verifiable; no obfuscation or suspicious origin indicators.
Agent Intent
Low
Content describes legitimate playground-building patterns (HTML generation, state management, UI rendering) with no instructions to manipulate the AI, read credentials, or exfiltrate data.
Templates document standard web UI patterns (sliders, toggles, canvas rendering, comment systems) without hidden directives or prompt injection.
No guidance poisoning: recommendations for single-file HTML, system fonts, and standard JavaScript patterns are security-conscious best practices, not attacker-serving weakening of defaults.
Details
Evidence
'Single HTML file. Inline all CSS and JS. No external dependencies.' — standard security practice for self-contained tools.
'Dark theme. System font for UI, monospace for code/values. Minimal chrome.' — accessibility and performance guidance, not malicious.
Template examples (SQL builder, regex builder, code map) are legitimate use cases with no instructions to bypass security or hide behavior.
Permissions
Low
Skill declares only a single 'playground' capability: generating interactive HTML files.
No file_write, file_delete, shell, web_fetch, or subagent permissions are requested or implied.
The skill is scoped to its stated purpose: building and rendering self-contained HTML playgrounds in the user's browser.
Details
Evidence
Skill description: 'Creates interactive HTML playgrounds — self-contained single-file explorers...' with no mention of system access.
Instructions reference only in-browser operations: 'Open in browser. After writing the HTML file, run `open <filename>.html`' — user-initiated, not automated.
No tool definitions or MCP servers declared.
MCP Risk
Low
No MCP servers are defined in the profile.
No external binary execution, network calls, or filesystem access is configured.
Details
Evidence
'MCP servers (untrusted data): (none)' — no server definitions present.