Skip to main content

cli-author

Enables the creation of Node.js CLI tools with zero dependencies, focusing on argument parsing and interactive prompts.

Install this skill

or
0/100

Security score

The cli-author skill was audited on Feb 9, 2026 and we found 19 security issues across 3 threat categories, including 3 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 273

Direct command execution function call

SourceSKILL.md
273const output = execSync('node bin/mytool.js --help', {
high line 281

Direct command execution function call

SourceSKILL.md
281execSync('node bin/mytool.js --invalid', {
high line 292

Direct command execution function call

SourceSKILL.md
292const output = execSync('node bin/mytool.js test.txt', {
medium line 57

Template literal with variable interpolation in command context

SourceSKILL.md
57console.error(`Unknown option: ${error.message}`);
medium line 106

Template literal with variable interpolation in command context

SourceSKILL.md
106console.error(`Unknown command: ${command}`);
medium line 177

Template literal with variable interpolation in command context

SourceSKILL.md
177const success = (msg) => console.log(`${colors.green}✓${colors.reset} ${msg}`);
medium line 178

Template literal with variable interpolation in command context

SourceSKILL.md
178const error = (msg) => console.error(`${colors.red}✗${colors.reset} ${msg}`);
medium line 179

Template literal with variable interpolation in command context

SourceSKILL.md
179const warn = (msg) => console.warn(`${colors.yellow}⚠${colors.reset} ${msg}`);
medium line 236

Template literal with variable interpolation in command context

SourceSKILL.md
236process.stdout.write(`\r${frames[i++ % frames.length]} Processing...`);
medium line 253

Template literal with variable interpolation in command context

SourceSKILL.md
253return `[${bar}] ${Math.round(percent * 100)}%`;
medium line 258

Template literal with variable interpolation in command context

SourceSKILL.md
258process.stdout.write(`\r${progressBar(i, 100)}`);
low line 269

Node child_process module reference

SourceSKILL.md
269import { execSync } from 'node:child_process';
low line 165

Access to .env file

SourceSKILL.md
165const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
medium line 168

Hex-encoded characters

SourceSKILL.md
168red: useColor ? '\x1b[31m' : '',
medium line 169

Hex-encoded characters

SourceSKILL.md
169green: useColor ? '\x1b[32m' : '',
medium line 170

Hex-encoded characters

SourceSKILL.md
170yellow: useColor ? '\x1b[33m' : '',
medium line 171

Hex-encoded characters

SourceSKILL.md
171blue: useColor ? '\x1b[34m' : '',
medium line 172

Hex-encoded characters

SourceSKILL.md
172dim: useColor ? '\x1b[2m' : '',
medium line 173

Hex-encoded characters

SourceSKILL.md
173reset: useColor ? '\x1b[0m' : '',
Scanned on Feb 9, 2026
View Security Dashboard
Installation guide →
GitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackendbackend-developerdevops-srefullstack-developerdevelopment
majiayu000/claude-skill-registry