skills-audit
Conducts comprehensive security audits of AI Agent skills to identify vulnerabilities and ensure safe deployment.
Security score
The skills-audit skill was audited on May 12, 2026 and we found 24 security issues across 5 threat categories, including 8 critical. Review the findings below before installing.
Security Issues
Direct command execution function call
| 56 | - **Remote Code Execution**: `eval()`, `exec()`, `subprocess`, `curl | bash` |
Direct command execution function call
| 202 | - **Remote Code Execution**: `curl | bash`, `eval()`, `exec()` |
Eval function call - arbitrary code execution
| 56 | - **Remote Code Execution**: `eval()`, `exec()`, `subprocess`, `curl | bash` |
Eval function call - arbitrary code execution
| 202 | - **Remote Code Execution**: `curl | bash`, `eval()`, `exec()` |
Template literal with variable interpolation in command context
| 21 | ```bash |
Piping content to bash shell
| 56 | - **Remote Code Execution**: `eval()`, `exec()`, `subprocess`, `curl | bash` |
Piping content to bash shell
| 117 | "code_snippet": "echo 'L2Jpbi9iYXNoIC1jIC...' | base64 -D | bash", |
Piping content to bash shell
| 202 | - **Remote Code Execution**: `curl | bash`, `eval()`, `exec()` |
Webhook reference - potential data exfiltration
| 136 | - **Webhook is NOT sent during this step** -- it will be sent after your comprehensive analysis |
Webhook reference - potential data exfiltration
| 138 | 3. **Send final webhook notification** (optional, if notifications are configured) |
Webhook reference - potential data exfiltration
| 139 | After completing comprehensive analysis (including false positive filtering), send the webhook: |
Webhook reference - potential data exfiltration
| 145 | from skill_audit.integrations import send_final_webhook |
Webhook reference - potential data exfiltration
| 146 | send_final_webhook(report_path='<report_path>') |
Webhook reference - potential data exfiltration
| 149 | This ensures the webhook contains the final, accurate results after your analysis. |
Webhook reference - potential data exfiltration
| 256 | - **Webhook is deferred** until after Claude's comprehensive analysis (false positive filtering) |
Access to hidden dotfiles in home directory
| 25 | ~/.claude/skills/skills-audit/skill_audit/cli_wrapper.py \ |
Access to hidden dotfiles in home directory
| 26 | ~/.claude/skills/skill-audit/skill_audit/cli_wrapper.py \ |
Access to hidden dotfiles in home directory
| 220 | custom_report_dir: ~/.claude/audit-reports |
Access to hidden dotfiles in home directory
| 253 | - **Reports saved to ~/.claude/audit-reports/** by default (configurable) |
Access to .env file
| 57 | - **Credential Leaks**: Hardcoded API keys, passwords, tokens, .env files |
Access to .env file
| 203 | - **Credential Leaks**: Hardcoded API keys, passwords, .env files |
Base64 decode operation
| 119 | "scenario": "User follows installation instructions, base64 decodes to malicious payload, executes with shell privileges", |
Prompt injection: ignore instructions
| 59 | - **Prompt Injection**: "Ignore previous instructions", role manipulation |
Prompt injection: ignore instructions
| 206 | - **Prompt Injection**: "Ignore previous instructions" |