ship
Ship workflow: merge main, run tests, review diff, bump VERSION, update CHANGELOG, commit, push, create PR.
74/100
Security score
The ship skill was audited on Mar 16, 2026 and we found 14 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
low line 21
Command substitution pattern
SourceSKILL.md
| 19 | |
| 20 | ```bash |
| 21 | _UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true) |
| 22 | [ -n "$_UPD" ] && echo "$_UPD" || true |
| 23 | mkdir -p ~/.gstack/sessions |
low line 25
Command substitution pattern
SourceSKILL.md
| 23 | mkdir -p ~/.gstack/sessions |
| 24 | touch ~/.gstack/sessions/"$PPID" |
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
| 27 | _CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true) |
low line 27
Command substitution pattern
SourceSKILL.md
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
| 27 | _CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true) |
| 28 | ``` |
| 29 |
low line 400
Command substitution pattern
SourceSKILL.md
| 398 | |
| 399 | ```bash |
| 400 | git commit -m "$(cat <<'EOF' |
| 401 | chore: bump version and changelog (vX.Y.Z.W) |
| 402 |
low line 425
Command substitution pattern
SourceSKILL.md
| 423 | |
| 424 | ```bash |
| 425 | gh pr create --title "<type>: <summary>" --body "$(cat <<'EOF' |
| 426 | ## Summary |
| 427 | <bullet points from CHANGELOG> |
low line 21
Access to home directory dotfiles
SourceSKILL.md
| 19 | |
| 20 | ```bash |
| 21 | _UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true) |
| 22 | [ -n "$_UPD" ] && echo "$_UPD" || true |
| 23 | mkdir -p ~/.gstack/sessions |
low line 23
Access to home directory dotfiles
SourceSKILL.md
| 21 | _UPD=$(~/.claude/skills/gstack/bin/gstack-update-check 2>/dev/null || .claude/skills/gstack/bin/gstack-update-check 2>/dev/null || true) |
| 22 | [ -n "$_UPD" ] && echo "$_UPD" || true |
| 23 | mkdir -p ~/.gstack/sessions |
| 24 | touch ~/.gstack/sessions/"$PPID" |
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
low line 24
Access to home directory dotfiles
SourceSKILL.md
| 22 | [ -n "$_UPD" ] && echo "$_UPD" || true |
| 23 | mkdir -p ~/.gstack/sessions |
| 24 | touch ~/.gstack/sessions/"$PPID" |
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
low line 25
Access to home directory dotfiles
SourceSKILL.md
| 23 | mkdir -p ~/.gstack/sessions |
| 24 | touch ~/.gstack/sessions/"$PPID" |
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
| 27 | _CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true) |
low line 26
Access to home directory dotfiles
SourceSKILL.md
| 24 | touch ~/.gstack/sessions/"$PPID" |
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
| 27 | _CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true) |
| 28 | ``` |
low line 27
Access to home directory dotfiles
SourceSKILL.md
| 25 | _SESSIONS=$(find ~/.gstack/sessions -mmin -120 -type f 2>/dev/null | wc -l | tr -d ' ') |
| 26 | find ~/.gstack/sessions -mmin +120 -type f -delete 2>/dev/null || true |
| 27 | _CONTRIB=$(~/.claude/skills/gstack/bin/gstack-config get gstack_contributor 2>/dev/null || true) |
| 28 | ``` |
| 29 |
medium line 30
Access to home directory dotfiles
SourceSKILL.md
| 28 | ``` |
| 29 | |
| 30 | If output shows `UPGRADE_AVAILABLE <old> <new>`: read `~/.claude/skills/gstack/gstack-upgrade/SKILL.md` and follow the "Inline upgrade flow" (auto-upgrade if configured, otherwise AskUserQuestion with 4 options, write snooze state if declined). If `JUST_UPGRADED <from> <to>`: tell user "Running gstack v{to} (just updated!)" and continue. |
| 31 | |
| 32 | ## AskUserQuestion Format |
medium line 51
Access to home directory dotfiles
SourceSKILL.md
| 49 | **NOT gstack issues:** user's app bugs, network errors to user's URL, auth failures on user's site. |
| 50 | |
| 51 | **To file:** write `~/.gstack/contributor-logs/{slug}.md` with this structure: |
| 52 | |
| 53 | ``` |
medium line 71
Access to home directory dotfiles
SourceSKILL.md
| 69 | ``` |
| 70 | |
| 71 | Then run: `mkdir -p ~/.gstack/contributor-logs && open ~/.gstack/contributor-logs/{slug}.md` |
| 72 | |
| 73 | Slug: lowercase, hyphens, max 60 chars (e.g. `browse-snapshot-ref-gap`). Skip if file already exists. Max 3 reports per session. File inline and continue — don't stop the workflow. Tell user: "Filed gstack field report: {title}" |
Scanned on Mar 16, 2026
View Security Dashboard