Does this tool execute the code it scans?

No, it uses static analysis to identify risky patterns. This ensures the scanner itself is safe to use even when inspecting malicious code.

How does the 'Strict Mode' work?

In strict mode, any 'WARN' level finding (like unpinned dependencies) is automatically treated as a 'FAIL,' enforcing a zero-tolerance security policy.

Can I audit skills directly from a Git repository?

Yes, the auditor can clone and scan remote repositories by providing the Git URL, allowing you to verify safety before local installation.

What file types does the security auditor scan?

It performs analysis on Python (.py), Bash (.sh), and JavaScript/TypeScript (.js, .ts) files, as well as Markdown (.md) files for configuration risks.

Skill Security Auditor

Name: Skill Security Auditor
Author: oabdelmaksoud

byoabdelmaksoud

0•

セキュリティとテスト

Audits and scans AI agent skills for security vulnerabilities, malicious code, and prompt injection risks before installation.

Skill Security Auditor is a specialized security gateway designed to protect AI environments by scanning third-party skills and plugins for potential threats. It performs deep static analysis on Python, Shell, and JavaScript code to detect command injections, obfuscated payloads, and data exfiltration patterns. Beyond code, it evaluates SKILL.md files for prompt injection attempts and validates dependency chains to prevent supply chain attacks, providing a clear PASS/WARN/FAIL verdict with actionable remediation steps to ensure your Claude Code environment remains secure.

主な機能

01Filesystem boundary validation to prevent unauthorized access to sensitive directories.

02Deep static analysis for command injection and unsafe code execution (eval, exec, subprocess).

030 GitHub stars

04Prompt injection detection within documentation and SKILL.md system instructions.

05Dependency supply chain risk assessment and package typosquatting detection.

06Comprehensive PASS/WARN/FAIL reporting with detailed remediation guidance for findings.

ユースケース

01Auditing local skill developments for accidental credential leaks or unsafe patterns.

02Integrating security gates into CI/CD pipelines for automated skill verification.

03Evaluating third-party AI skills from untrusted sources or public GitHub repositories.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add oabdelmaksoud/superclaw skill-security-auditor

For use in Claude.ai and ChatGPT

主な機能

01Filesystem boundary validation to prevent unauthorized access to sensitive directories.

02Deep static analysis for command injection and unsafe code execution (eval, exec, subprocess).

030 GitHub stars

04Prompt injection detection within documentation and SKILL.md system instructions.

05Dependency supply chain risk assessment and package typosquatting detection.

06Comprehensive PASS/WARN/FAIL reporting with detailed remediation guidance for findings.

ユースケース

01Auditing local skill developments for accidental credential leaks or unsafe patterns.

02Integrating security gates into CI/CD pipelines for automated skill verification.

03Evaluating third-party AI skills from untrusted sources or public GitHub repositories.