skills-audit
Conducts security audits of locally installed agent skills using SkillLens CLI to identify risks and policy issues.
Install this skill
or
60/100
Security score
The skills-audit skill was audited on Mar 8, 2026 and we found 4 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 39
Piping content to bash shell
SourceSKILL.md
| 39 | - **Execution**: instructions to run arbitrary shell commands, `curl | bash`, `eval`, or to fetch-and-execute code. |
medium line 22
Access to hidden dotfiles in home directory
SourceSKILL.md
| 22 | - Prefer a concrete target path (example: `~/.codex/skills`) unless the user explicitly wants all configured roots. |
medium line 52
Access to hidden dotfiles in home directory
SourceSKILL.md
| 52 | - Scan a specific folder: `skilllens scan ~/.codex/skills` |
medium line 53
Access to hidden dotfiles in home directory
SourceSKILL.md
| 53 | - Force a re-audit and show raw output: `skilllens scan ~/.codex/skills --force --verbose` |
Scanned on Mar 8, 2026
View Security DashboardInstall this skill with one command
/learn @mmcmedia/skill-audit