skillcheck
Analyzes Claude Code skills for security risks before installation, ensuring safe usage of third-party skills.
Install this skill
or
0/100
Security score
The skillcheck skill was audited on Feb 12, 2026 and we found 9 security issues across 2 threat categories, including 3 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 69
Piping content to bash shell
SourceSKILL.md
| 69 | - **Remote Code Execution**: Downloads and executes code (`curl | bash`, `eval`, base64-encoded payloads) |
high line 138
Piping content to bash shell
SourceSKILL.md
| 138 | • Remote code exec: curl | bash pattern (SKILL.md:27) |
medium line 67
Access to hidden dotfiles in home directory
SourceSKILL.md
| 67 | - **Credential Access**: Reads `~/.ssh/*`, `~/.aws/*`, `~/.gnupg/*`, `~/.config/gh/*` |
low line 136
Access to hidden dotfiles in home directory
SourceSKILL.md
| 136 | • Credential theft: reads ~/.ssh/*, ~/.aws/* (SKILL.md:39-46) |
critical line 67
Access to SSH directory
SourceSKILL.md
| 67 | - **Credential Access**: Reads `~/.ssh/*`, `~/.aws/*`, `~/.gnupg/*`, `~/.config/gh/*` |
high line 136
Access to SSH directory
SourceSKILL.md
| 136 | • Credential theft: reads ~/.ssh/*, ~/.aws/* (SKILL.md:39-46) |
critical line 67
Access to AWS credentials directory
SourceSKILL.md
| 67 | - **Credential Access**: Reads `~/.ssh/*`, `~/.aws/*`, `~/.gnupg/*`, `~/.config/gh/*` |
high line 136
Access to AWS credentials directory
SourceSKILL.md
| 136 | • Credential theft: reads ~/.ssh/*, ~/.aws/* (SKILL.md:39-46) |
medium line 68
Access to .env file
SourceSKILL.md
| 68 | - **Secret Files**: Accesses `.env`, `credentials.json`, `secrets.*`, `*.pem`, `*.key` |
Scanned on Feb 12, 2026
View Security Dashboard