skillsafe

Facilitates scanning, saving, sharing, and verifying AI skills through the SkillSafe secured skill registry.

Security score: 0/100

The skillsafe skill was audited on Apr 3, 2026 and we found 19 security issues across 6 threat categories, including 4 critical. Review the findings below before installing.

Security Issues

critical line 68

Direct command execution function call

Source: SKILL.md
66: ```
67: Runs 11 scan passes:
68: 1. **Python AST analysis** — detects `eval()`, `exec()`, `os.system()`, `subprocess.*`, etc.
69: 2. **JS/TS regex analysis** — detects `eval()`, `new Function()`, `child_process`, etc.
70: 3. **Secret detection** — AWS keys, GitHub tokens, private keys, generic API keys
critical line 68

Eval function call

Source: SKILL.md
66: ```
67: Runs 11 scan passes:
68: 1. **Python AST analysis** — detects `eval()`, `exec()`, `os.system()`, `subprocess.*`, etc.
69: 2. **JS/TS regex analysis** — detects `eval()`, `new Function()`, `child_process`, etc.
70: 3. **Secret detection** — AWS keys, GitHub tokens, private keys, generic API keys
critical line 69

Eval function call

Source: SKILL.md
67: Runs 11 scan passes:
68: 1. **Python AST analysis** — detects `eval()`, `exec()`, `os.system()`, `subprocess.*`, etc.
69: 2. **JS/TS regex analysis** — detects `eval()`, `new Function()`, `child_process`, etc.
70: 3. **Secret detection** — AWS keys, GitHub tokens, private keys, generic API keys
71: 4. **Prompt injection + inducement language** — explicit override patterns and softer social-engineering phrases in `.md`/`.txt`/`.yaml` files (e.g. "run the included setup script", "for the tool to function")
high line 68

System command execution

Source: SKILL.md
66: ```
67: Runs 11 scan passes:
68: 1. **Python AST analysis** — detects `eval()`, `exec()`, `os.system()`, `subprocess.*`, etc.
69: 2. **JS/TS regex analysis** — detects `eval()`, `new Function()`, `child_process`, etc.
70: 3. **Secret detection** — AWS keys, GitHub tokens, private keys, generic API keys
low line 194

Command substitution pattern

Source: SKILL.md
192: To get the path in one shot:
193: ```bash
194: ls -t ~/.claude/projects/$(python3 -c "import os,re; print(re.sub(r'[/.]','-',os.getcwd()))")/*.jsonl 2>/dev/null | head -3
195: ```
196:
medium line 21

Curl to non-GitHub URL

Source: SKILL.md
19: SKILL_DIR="~/.claude/skills/skillsafe"
20: mkdir -p "$SKILL_DIR/scripts"
21: curl -fsSL https://skillsafe.ai/scripts/skillsafe.py -o "$SKILL_DIR/scripts/skillsafe.py"
22: python3 "$SKILL_DIR/scripts/skillsafe.py" update
23: ```
low line 19

Access to home directory dotfiles

Source: SKILL.md
17:
18: ```bash
19: SKILL_DIR="~/.claude/skills/skillsafe"
20: mkdir -p "$SKILL_DIR/scripts"
21: curl -fsSL https://skillsafe.ai/scripts/skillsafe.py -o "$SKILL_DIR/scripts/skillsafe.py"
medium line 27

Access to home directory dotfiles

Source: SKILL.md
25: This installs `SKILL.md`, `submit-skill-demo.md`, and `submit-demo-comment.md` alongside the script.
26:
27: > The example above installs globally for Claude Code (`~/.claude/skills/`). Replace `SKILL_DIR` with the appropriate path for your tool.
28:
29: ### Updating
medium line 61

Access to home directory dotfiles

Source: SKILL.md
59: python3 <skill-dir>/scripts/skillsafe.py auth
60: ```
61: First checks if a saved API key in `~/.skillsafe/config.json` is still valid. If valid, prints account info and exits. If the key is missing, expired, or revoked, opens your browser to sign in (via Google or API key) and saves a new API key. The CLI waits for browser authorization automatically.
62:
63: ### Scan — Security scan a skill directory
medium line 100

Access to home directory dotfiles

Source: SKILL.md
98: python3 <skill-dir>/scripts/skillsafe.py install @<namespace>/<skill-name> [--version <ver>] [--skills-dir <dir>] [--tool <name>]
99: ```
100: Downloads the archive, verifies the tree hash matches, scans the downloaded files, submits a verification report, and installs. By default (no flags), installs into the **current project's `.claude/skills/`** directory so the agent can use it immediately without restarting. Use `--tool project` to make this explicit. Use `--tool <name>` to install into a known tool's **global** skills directory (`--tool claude` → `~/.claude/skills/`, `--tool cursor`, `--tool windsurf`, `--tool openclaw`). Use `--skills-dir <path>` for any other tool — pass the parent directory and the skill will be placed in a subdirectory named after the skill.
101:
102: The install command does more than download — it independently re-scans the files and submits that report to the server, which compares it against the sharer's original scan. This is the consumer side of dual-side verification: if someone tampered with the archive between publishing and download, the tree hash will mismatch and the install will be blocked. Running the scan locally (rather than trusting the server's copy) is what makes this meaningful — it's the consumer's independent check, not just a server-side assertion.
medium line 181

Access to home directory dotfiles

Source: SKILL.md
179: **Step 1 — Find the session file**
180:
181: Claude Code saves sessions as JSONL files under `~/.claude/projects/<project-dir>/`. The project directory name is the absolute project path with every `/` and `.` replaced by `-`:
182:
183: ```bash
low line 189

Access to home directory dotfiles

Source: SKILL.md
187:
188: # List the most recent sessions for this project
189: ls -lt ~/.claude/projects/<project-dir>/*.jsonl 2>/dev/null | head -5
190: ```
191:
low line 194

Access to home directory dotfiles

Source: SKILL.md
192: To get the path in one shot:
193: ```bash
194: ls -t ~/.claude/projects/$(python3 -c "import os,re; print(re.sub(r'[/.]','-',os.getcwd()))")/*.jsonl 2>/dev/null | head -3
195: ```
196:
medium line 238

Access to home directory dotfiles

Source: SKILL.md
236: python3 <skill-dir>/scripts/skillsafe.py list
237: ```
238: Shows skills from multiple locations: all known tool directories (Claude Code, Cursor, Windsurf, Codex, Gemini, OpenCode, OpenClaw, Cline, Roo, Goose, Copilot, Kiro, Trae, AMP, Aider, VS Code, Antigravity, ClawdBot, Droid, Kilo Code), SkillSafe registry skills (`~/.skillsafe/skills/`), and project-level skills. Use `--skills-dir <path>` to include additional directories.
239:
240: ## Improving & Iterating on Skills
medium line 398

Access to home directory dotfiles

Source: SKILL.md
396: ## Configuration
397:
398: Credentials are stored in `~/.skillsafe/config.json`. By default, `install` places skills in `.claude/skills/` in the current project directory. Use `--tool <name>` for global install to the tool's standard location, or `--skills-dir <path>` for a custom location. Supported tools: `claude` → `~/.claude/skills/`, `cursor` → `~/.cursor/skills/`, `windsurf` → `~/.windsurf/skills/`, `codex` → `~/.agents/skills/`, `gemini` → `~/.gemini/skills/`, `opencode` → `~/.config/opencode/skills/`, `openclaw` → `~/.openclaw/workspace/skills/`, `cline` → `~/.cline/skills/`, `roo` → `~/.roo/skills/`, `goose` → `~/.config/goose/skills/`, `copilot` → `~/.config/github-copilot/skills/`, `kiro` → `~/.kiro/skills/`, `trae` → `~/.trae/skills/`, `amp` → `~/.amp/skills/`, `aider` → `~/.aider/skills/`, `vscode` → `~/.vscode/skills/`.
399:
400: ## Security Model
critical line 72

Reverse shell reference

Source: SKILL.md
70: 3. **Secret detection** — AWS keys, GitHub tokens, private keys, generic API keys
71: 4. **Prompt injection + inducement language** — explicit override patterns and softer social-engineering phrases in `.md`/`.txt`/`.yaml` files (e.g. "run the included setup script", "for the tool to function")
72: 5. **Shell threat patterns** — exfiltration, persistence, reverse shells, recon, ClickFix
73: 6. **Binary file detection** — bundled executables/libraries
74: 7. **base64 deep-scan** — decodes blobs and re-scans for hidden payloads
high line 45

Urgency-based manipulation

Source: SKILL.md
43: ```
44:
45: **Installing into the current project:** By default (no flags), `install` places the skill in `.claude/skills/` inside the current working directory so it is immediately available to the agent for this project. Use `--tool project` to make this explicit. Use `--tool <name>` (`claude`, `cursor`, `windsurf`, `codex`, `gemini`, `opencode`, `openclaw`, `cline`, `roo`, `goose`, `copilot`, `kiro`, `trae`, `amp`, `aider`, `vscode`, `antigravity`, `clawdbot`, `droid`, `kilo`) to install globally instead. For any other tool, use `--skills-dir <path>` with that tool's skills directory path.
46:
47: ## Available Commands
high line 100

Urgency-based manipulation

Source: SKILL.md
98: python3 <skill-dir>/scripts/skillsafe.py install @<namespace>/<skill-name> [--version <ver>] [--skills-dir <dir>] [--tool <name>]
99: ```
100: Downloads the archive, verifies the tree hash matches, scans the downloaded files, submits a verification report, and installs. By default (no flags), installs into the **current project's `.claude/skills/`** directory so the agent can use it immediately without restarting. Use `--tool project` to make this explicit. Use `--tool <name>` to install into a known tool's **global** skills directory (`--tool claude` → `~/.claude/skills/`, `--tool cursor`, `--tool windsurf`, `--tool openclaw`). Use `--skills-dir <path>` for any other tool — pass the parent directory and the skill will be placed in a subdirectory named after the skill.
101:
102: The install command does more than download — it independently re-scans the files and submits that report to the server, which compares it against the sharer's original scan. This is the consumer side of dual-side verification: if someone tampered with the archive between publishing and download, the tree hash will mismatch and the install will be blocked. Running the scan locally (rather than trusting the server's copy) is what makes this meaningful — it's the consumer's independent check, not just a server-side assertion.
high line 16

Download and run instruction

Source: SKILL.md
14: ### Installation
15:
16: Requires Python 3. Download the CLI script and run `update` to pull all remaining files:
17:
18: ```bash
Scanned on Apr 3, 2026
GitHub Stars 1
Category: content media
Updated: April 10, 2026
skillsafe/skillsafe-cli