amy-expert
Provides patterns for extending the Amy CLI, ensuring compliance with its public contract and facilitating command additions.
Install this skill
or
64/100
Security score
The amy-expert skill was audited on May 12, 2026 and we found 8 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 76
Access to hidden dotfiles in home directory
SourceSKILL.md
| 76 | ### Rule 4 — `~/.amy/` is the whole world |
medium line 78
Access to hidden dotfiles in home directory
SourceSKILL.md
| 78 | State is reloaded from `~/.amy/` on every invocation. No singletons, |
medium line 84
Access to hidden dotfiles in home directory
SourceSKILL.md
| 84 | - `~/.amy/shared/events-store/` — one file-backed Nostr event store |
medium line 86
Access to hidden dotfiles in home directory
SourceSKILL.md
| 86 | - `~/.amy/<account>/` — per-account dir: `identity.json`, |
medium line 88
Access to hidden dotfiles in home directory
SourceSKILL.md
| 88 | - `~/.amy/current` — marker file written by `amy use NAME` to pin |
medium line 105
Access to hidden dotfiles in home directory
SourceSKILL.md
| 105 | named JSON schema. Don't smuggle state into `~/.amy/` outside the |
low line 169
Access to hidden dotfiles in home directory
SourceSKILL.md
| 169 | ├── Config.kt # Identity, RunState, DataDir (~/.amy layout) |
medium line 173
Access to system keychain/keyring
SourceSKILL.md
| 173 | ├── secrets/ # SecretStore backends (keychain / ncryptsec / plaintext) |
Scanned on May 12, 2026
View Security Dashboard