Security Auditor

Audit skills for security risks before installing or using them.

Purpose

Skills can request permissions and access that may be:

• Overreaching (accessing data they shouldn't need)
• Suspicious (behaving oddly, phoning home, etc.)
• Outdated (known vulnerabilities in dependencies)

This skill helps you audit them.

When to Run

Audit Workflow

Step 1: Quick Scan

python3 scripts/audit.py --scan

Checks:

• File access patterns
• Network access requests
• Suspicious API usage
• Permission requests

Step 2: Detailed Audit

python3 scripts/audit.py --audit <skill-path>

Performs deep analysis:

• Code pattern analysis
• Dependency checking
• Permission mapping
• Risk scoring

Step 3: Generate Report

python3 scripts/audit.py --report <skill-path> --output report.md

Creates detailed security report.

Step 4: Compare Skills

python3 scripts/audit.py --compare <skill1-path> <skill2-path>

Compare security posture of two skills.

Risk Levels

Red Flags to Watch For

File Access

• Accessing ~/.ssh/ or ~/.aws/
• Reading password, secret, key files
• Writing to system directories
• Accessing other users' directories

Network

• Exfiltrating data to unknown servers
• DNS rebinding patterns
• Encrypted payloads to unfamiliar domains

Permissions

• Requesting exec with no scope limitation
• Reading memory or process info
• Keylogging or screenshot capabilities
• Accessing other installed skills' data

Code Patterns

• Obfuscated code
• Dynamic code generation
• Shell commands without sanitization
• Credential harvesting patterns

Files

• scripts/audit.py — Main audit script
• scripts/scan_skill.py — Skill-specific scanner
• references/rules.md — Security rules and patterns
• references/permissions.md — Permission reference guide