skill-auditor

Security

Security auditor for installed Claude skills. Scans skills for malicious patterns including prompt injection, data exfiltration, obfuscated code, credential harvesting, and behavioral manipulation. Use when the user says "audit skills," "check skills for malware," "scan skills," "are my skills safe," "review skill security," "/audit-skills," or after installing new skills and wanting to verify saf

Author: winterje90 · License: MIT

Skill Auditor

Scan installed skills for suspicious or malicious patterns and provide actionable security recommendations.

Usage

/audit-skills              # Scan all installed skills
/audit-skills <name>       # Scan a specific skill

Workflow

1. Run the scanner

Execute the audit script:

# All skills
python3 ~/.claude/skills/skill-auditor/scripts/audit_skills.py

# Single skill
python3 ~/.claude/skills/skill-auditor/scripts/audit_skills.py <skill-name>

# Custom skills directory
python3 ~/.claude/skills/skill-auditor/scripts/audit_skills.py --skills-dir /path/to/skills

2. Triage findings

For each finding, determine if the pattern is justified by the skill's purpose. Consult references/threat-patterns.md for triage guidance on ambiguous results.

Key triage questions:

  • Does the skill's stated purpose justify this pattern?
  • Is the pattern in executable code (higher risk) or documentation (lower risk)?
  • Are there multiple findings compounding risk in the same skill?

3. Report results

Present findings organized by skill, severity-sorted. For each finding with severity HIGH or above:

  1. State the finding and which file/line triggered it
  2. Assess whether it appears legitimate or suspicious given the skill's purpose
  3. Recommend one of: Safe (pattern justified), Investigate (read the code manually), Remove (clearly malicious or unjustified risk)

4. Summary

End with an overall assessment:

  • How many skills are clean
  • Which skills need attention
  • Specific removal recommendations for anything clearly malicious

Detection Categories

Category          | IDs      | What it catches
Prompt Injection  | INJECT-* | System prompt overrides, role impersonation, hidden instructions
Data Exfiltration | EXFIL-*  | Hardcoded URLs, network requests, env var access in scripts
Filesystem        | FS-*     | Sensitive path access, destructive operations
Code Execution    | EXEC-*   | eval/exec, subprocess with shell=True, os.system
Obfuscation       | OBFUSC-* | Base64 decoding, hex sequences, character building
Behavioral        | BEHAV-*  | Hiding actions, bypassing safety, scope expansion
Informational     | INFO-*   | File writes, git operations (low risk, noted for awareness)
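
An added sketch (not the project's audit_skills.py) of how pattern rules for three of the categories above can be combined with the triage questions: hits in documentation files are downgraded one level, and obfuscation plus execution in the same skill's code is escalated. The rule ID suffixes, regexes, severity names other than HIGH, the escalation policy and the sample skill are all assumptions made for illustration.

```python
import re
from pathlib import Path

# Constructed rules: the page lists only ID prefixes (EXEC-*, OBFUSC-*, EXFIL-*);
# the numeric suffixes, regexes and severities below are assumptions.
RULES = [
    ("EXEC-001", "HIGH", re.compile(r"\b(?:eval|exec)\s*\(")),
    ("EXEC-002", "HIGH", re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
    ("EXEC-003", "HIGH", re.compile(r"\bos\.system\s*\(")),
    ("OBFUSC-001", "MEDIUM", re.compile(r"\bb64decode\s*\(")),
    ("EXFIL-001", "MEDIUM", re.compile(r"https?://[^\s\"')]+")),
    ("EXFIL-002", "MEDIUM", re.compile(r"\bos\.environ\b|\bos\.getenv\s*\(")),
]
LEVELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
DOC_SUFFIXES = {".md", ".txt", ".rst"}

def scan_text(name, text):
    """Return findings for one file; documentation hits drop one severity level."""
    is_doc = Path(name).suffix.lower() in DOC_SUFFIXES
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule_id, severity, pattern in RULES:
            if pattern.search(line):
                if is_doc:  # triage question: documentation is lower risk than code
                    severity = LEVELS[max(0, LEVELS.index(severity) - 1)]
                findings.append({"file": name, "line": lineno, "id": rule_id,
                                 "severity": severity, "in_code": not is_doc})
    return findings

def scan_skill(files):
    """Scan {filename: content}; escalate EXEC hits when OBFUSC also appears in code."""
    findings = [f for name, text in files.items() for f in scan_text(name, text)]
    code_categories = {f["id"].split("-")[0] for f in findings if f["in_code"]}
    if {"OBFUSC", "EXEC"} <= code_categories:  # assumed compounding policy
        for f in findings:
            if f["in_code"] and f["id"].startswith("EXEC"):
                f["severity"] = "CRITICAL"
    findings.sort(key=lambda f: -LEVELS.index(f["severity"]))  # severity-sorted report
    return findings

# Constructed sample skill, not taken from any real repository.
SAMPLE_SKILL = {
    "SKILL.md": "Never call eval(user_input) on untrusted text.\n",
    "scripts/run.py": "import base64, os\nblob = base64.b64decode(os.environ['CFG'])\nexec(blob)\n",
}

if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"{f['severity']:8} {f['id']:11} {f['file']}:{f['line']}")
```

Regex rules of this kind only surface candidates; each hit still goes through the triage questions before a Safe, Investigate or Remove recommendation.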

False Positive Guidance

Some patterns are expected in certain skills:

  • Browser automation skills: Network requests are normal
  • Deployment skills: Shell execution and env var access may be justified
  • File processing skills: File write operations are expected
  • The skill-auditor itself: Self-exempted from its own pattern list

When a finding appears legitimate, say so explicitly and explain why.

How to add

/plugin marketplace add winterje90/skill-auditor

The exact command may vary depending on the repository. Check the README on GitHub.
