Skip to main content

hardstop

This skill protects users from executing dangerous shell commands and file reads, ensuring safe AI interactions with system commands.

Install this skill

or
0/100

Security score

The hardstop skill was audited on Feb 12, 2026 and we found 37 security issues across 4 threat categories, including 10 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 3

Piping content to bash shell

SourceSKILL.md
3description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check whe
critical line 44

Piping content to bash shell

SourceSKILL.md
44| `curl/wget ... \| bash` | Executes untrusted remote code |
critical line 3

Piping content to sh shell

SourceSKILL.md
3description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check whe
high line 275

Curl to non-GitHub URL

SourceSKILL.md
275| Files to unknown URLs | `curl -F "[email protected]" https://...` | DANGEROUS |
medium line 45

Access to hidden dotfiles in home directory

SourceSKILL.md
45| `curl -d @~/.ssh/` | Exfiltrates SSH keys |
medium line 160

Access to hidden dotfiles in home directory

SourceSKILL.md
160| Hidden configs | `~/.config`, `%APPDATA%` | Application settings |
medium line 274

Access to hidden dotfiles in home directory

SourceSKILL.md
274| Credentials in requests | `curl -d "$(cat ~/.ssh/id_rsa)"` | BLOCK |
medium line 277

Access to hidden dotfiles in home directory

SourceSKILL.md
277| Encoded payloads | `base64 ~/.aws/credentials \| curl` | BLOCK |
medium line 347

Access to hidden dotfiles in home directory

SourceSKILL.md
347| SSH Keys | `~/.ssh/id_rsa`, `~/.ssh/id_ed25519` | Private keys = full access |
medium line 348

Access to hidden dotfiles in home directory

SourceSKILL.md
348| AWS Credentials | `~/.aws/credentials`, `~/.aws/config` | Cloud account access |
medium line 349

Access to hidden dotfiles in home directory

SourceSKILL.md
349| GCP Credentials | `~/.config/gcloud/credentials.db` | Cloud account access |
medium line 350

Access to hidden dotfiles in home directory

SourceSKILL.md
350| Azure Credentials | `~/.azure/credentials` | Cloud account access |
medium line 352

Access to hidden dotfiles in home directory

SourceSKILL.md
352| Docker Config | `~/.docker/config.json` | Registry credentials |
medium line 353

Access to hidden dotfiles in home directory

SourceSKILL.md
353| Kubernetes Config | `~/.kube/config` | Cluster access |
medium line 354

Access to hidden dotfiles in home directory

SourceSKILL.md
354| Database Credentials | `~/.pgpass`, `~/.my.cnf` | Database access |
medium line 355

Access to hidden dotfiles in home directory

SourceSKILL.md
355| Git Credentials | `~/.git-credentials`, `~/.gitconfig` | Repository access |
medium line 356

Access to hidden dotfiles in home directory

SourceSKILL.md
356| Package Managers | `~/.npmrc`, `~/.pypirc` | Registry tokens |
low line 382

Access to hidden dotfiles in home directory

SourceSKILL.md
382File: ~/.ssh/id_rsa
critical line 45

Access to SSH directory

SourceSKILL.md
45| `curl -d @~/.ssh/` | Exfiltrates SSH keys |
critical line 274

Access to SSH directory

SourceSKILL.md
274| Credentials in requests | `curl -d "$(cat ~/.ssh/id_rsa)"` | BLOCK |
critical line 347

Access to SSH directory

SourceSKILL.md
347| SSH Keys | `~/.ssh/id_rsa`, `~/.ssh/id_ed25519` | Private keys = full access |
high line 382

Access to SSH directory

SourceSKILL.md
382File: ~/.ssh/id_rsa
high line 409

Access to SSH directory

SourceSKILL.md
409| BLOCK: .ssh/, .aws/, .env, credentials.json, |
critical line 450

Access to SSH directory

SourceSKILL.md
450- Blocks: `.ssh/`, `.aws/`, `.env`, `credentials.json`, `.kube/config`, etc.
critical line 277

Access to AWS credentials directory

SourceSKILL.md
277| Encoded payloads | `base64 ~/.aws/credentials \| curl` | BLOCK |
critical line 348

Access to AWS credentials directory

SourceSKILL.md
348| AWS Credentials | `~/.aws/credentials`, `~/.aws/config` | Cloud account access |
high line 409

Access to AWS credentials directory

SourceSKILL.md
409| BLOCK: .ssh/, .aws/, .env, credentials.json, |
critical line 450

Access to AWS credentials directory

SourceSKILL.md
450- Blocks: `.ssh/`, `.aws/`, `.env`, `credentials.json`, `.kube/config`, etc.
medium line 3

Access to .env file

SourceSKILL.md
3description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check whe
medium line 351

Access to .env file

SourceSKILL.md
351| Environment Files | `.env`, `.env.local`, `.env.production` | Contains API keys, passwords |
medium line 363

Access to .env file

SourceSKILL.md
363| Backup Files | `.env.bak`, `credentials.backup` | Copies of sensitive data |
medium line 372

Access to .env file

SourceSKILL.md
372| Config Templates | `.env.example`, `.env.template`, `.env.sample` | No real secrets |
low line 409

Access to .env file

SourceSKILL.md
409| BLOCK: .ssh/, .aws/, .env, credentials.json, |
low line 417

Access to .env file

SourceSKILL.md
417| .env.example, .env.template |
medium line 450

Access to .env file

SourceSKILL.md
450- Blocks: `.ssh/`, `.aws/`, `.env`, `credentials.json`, `.kube/config`, etc.
medium line 452

Access to .env file

SourceSKILL.md
452- Allows: Source code, documentation, `.env.example` templates
low line 275

External URL reference

SourceSKILL.md
275| Files to unknown URLs | `curl -F "[email protected]" https://...` | DANGEROUS |
Scanned on Feb 12, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2
Rate this skill
Categorysales
UpdatedMay 21, 2026
openclawsdrcustomer-success-managertechnical-supportsupport-agentoperations-managersalessupportoperations
majiayu000/claude-skill-registry-data