Skill Detail

CLAUDE CODE EXPERT - Potencia Maxima

This skill appears to be a documentation-heavy guide for using the Claude Code CLI, including setup, configuration, and advanced workflows.

GitHub: sickn33/antigravity-awesome-skills claude-code-expert
version 5ec19acccc09
static analysis only
no human review yet
High Risk

Current public label

High Risk

The presence of shell commands that could install software or delete files, combined with the use of `sudo`, suggests this skill could be used to perform harmful actions.

This label is currently coming from the automated scorecard.

Automated result

High Risk

The skill's documentation includes potentially risky shell commands, such as `curl|sh` and `rm -rf`, and references `sudo` for privilege escalation.

2 high, 1 medium, 1 low. Final label: high risk.

Human review

No human review has been recorded yet.

The current public label is still relying on automation. A human has not weighed in yet.

What happened

Driftloom completed a static scan. It inspected the skill files, recorded findings, and generated a scorecard.

Runtime evidence

No sandbox runtime result has been recorded yet.

Driftloom currently recommends runtime testing for this version (priority 35).

What did not happen

  • Driftloom did not run this skill in an isolated sandbox yet.
  • This label is not a guarantee that the skill is safe, bug-free, or appropriate for every environment.
  • A good score does not replace human judgment when a skill touches secrets, shell access, or external systems.

Source provenance

Source: Workspace import

Originally ingested from a local workspace copy.

Scorecard

  • Safety: 29
  • Quality: 94
  • Transparency: 100
  • Operational: 92
  • Maintenance: 56

Severity mix: 2 high, 1 medium, 1 low

What Driftloom checked

  • Read the skill files and metadata to understand what the skill claims to do.
  • Looked for shell commands and risky command patterns.
  • Looked for external URLs and network behavior.
  • Looked for secrets and credential handling clues.
  • Checked whether the skill structure and references looked internally consistent.

Findings

Pipe-to-shell pattern detected
shell.curl_pipe_shell · safety
High

Found a curl|sh style install pattern. Very convenient, often very stupid.

File: SKILL.md
Evidence: curl * | bash

Destructive shell pattern detected
shell.rm_rf · safety
High

Found a hard-delete shell pattern. That deserves human eyes, not optimism.

File: SKILL.md
Evidence: rm -rf

Privilege escalation command referenced
shell.sudo · safety
Medium

The source references sudo. That may be legitimate, but it changes the risk profile.

File: SKILL.md
Evidence: sudo

Documentation-only skill structure
structure.docs_only · quality
Low

The source looks almost entirely documentation-based, with no obvious code or config files to inspect. That does not make it bad, but it limits how much automation can meaningfully verify.

File: SKILL.md