damage-control
Enhances Claude Code security by managing hooks to block dangerous commands and protect sensitive files effectively.
Install this skill
or
37/100
Security score
The damage-control skill was audited on Feb 12, 2026 and we found 11 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 118
Piping content to bash shell
SourceSKILL.md
| 118 | curl -fsSL https://bun.sh/install | bash && bun add yaml |
high line 109
Piping content to sh shell
SourceSKILL.md
| 109 | curl -LsSf https://astral.sh/uv/install.sh | sh |
medium line 109
Curl to non-GitHub URL
SourceSKILL.md
| 109 | curl -LsSf https://astral.sh/uv/install.sh | sh |
medium line 118
Curl to non-GitHub URL
SourceSKILL.md
| 118 | curl -fsSL https://bun.sh/install | bash && bun add yaml |
medium line 67
Access to hidden dotfiles in home directory
SourceSKILL.md
| 67 | - "add ~/.credentials to zero access" → Execute directly, then restart reminder |
medium line 100
Access to hidden dotfiles in home directory
SourceSKILL.md
| 100 | | Global | `~/.claude/settings.json` | `~/.claude/hooks/damage-control/` | All projects | |
medium line 3
Access to .env file
SourceSKILL.md
| 3 | description: Install, configure, and manage Claude Code security hooks that block dangerous commands and protect sensitive files. Use when setting up security protection, blocking destructive commands |
medium line 13
Access to .env file
SourceSKILL.md
| 13 | | **zeroAccessPaths** | No | No | No | No | Secrets, credentials, .env files | |
low line 109
External URL reference
SourceSKILL.md
| 109 | curl -LsSf https://astral.sh/uv/install.sh | sh |
low line 112
External URL reference
SourceSKILL.md
| 112 | powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex" |
low line 118
External URL reference
SourceSKILL.md
| 118 | curl -fsSL https://bun.sh/install | bash && bun add yaml |
Scanned on Feb 12, 2026
View Security Dashboard