陌讯skills聚合平台

skills-security-audit

📁 agentnode-dev/skills-security-audit 📅 5 days ago
2
总安装量
2
周安装量
#64730
全站排名
安装命令
npx skills add https://github.com/agentnode-dev/skills-security-audit --skill skills-security-audit

Agent 安装分布

amp 2
github-copilot 2
codex 2
kimi-cli 2
gemini-cli 2
cursor 2

Skill 文档

Skill Security Audit

Overview

Scan and audit AI agent skills, plugins, and tool definitions for security vulnerabilities across nine risk categories aligned with the OWASP Agentic AI Top 10 (ASI01 through ASI10). This skill works cross-platform with Claude Code, OpenClaw, and any AI agent platform that uses file-based skill definitions. Rather than relying on brittle regex patterns, it performs AI-powered semantic analysis to detect prompt injection, data exfiltration, obfuscated code, privilege escalation, supply chain attacks, memory poisoning, trust boundary violations, and behavioral manipulation. Each audit produces a structured risk report with severity ratings, evidence citations, and actionable remediation guidance.

When to Use

  • Before installing any third-party skill or plugin from a marketplace
  • When reviewing skills downloaded from OpenClaw, ClawHub, or other registries
  • Periodic audit of all installed skills and plugins
  • When a skill requests unusual permissions or behaves unexpectedly

Security Check Categories

ID Category Severity OWASP ASI
PI Prompt Injection CRITICAL ASI01
DE Data Exfiltration CRITICAL ASI02
CE Malicious Command Execution CRITICAL ASI02, ASI05
OB Obfuscated/Hidden Code WARNING —
PA Privilege Over-Request WARNING ASI03
SC Supply Chain Risks WARNING ASI04
MP Memory/Context Poisoning WARNING ASI06
TE Human Trust Exploitation WARNING ASI09
BM Behavioral Manipulation INFO ASI10

Load references/security-rules.md for detailed detection patterns, examples, and false positive guidance.

Audit Workflow

Phase 1: Determine Scan Scope

  • If user specifies a directory path, scan all files in that directory recursively.
  • If user says “scan installed”, scan platform-specific skill directories:
    • Claude Code: ~/.claude/plugins/cache/
    • Other platforms: ask user for the directory path.
  • If user provides a GitHub URL, use WebFetch to retrieve the repository content, or clone it locally.
  • Scan these file types: .md, .json, .js, .py, .sh, .ts, .yaml, .yml
  • List all files found and confirm with user before proceeding.

Phase 2: Analyze Each File

  • Load references/security-rules.md for detailed detection patterns.
  • Read each file using the Read tool.
  • Check file content against all 9 categories (PI, DE, CE, OB, PA, SC, MP, TE, BM).
  • For each finding, record: rule ID (e.g., PI-001), severity, file path and line number, description, and recommended action.
  • Apply context-aware judgment — not every pattern match is a true positive.
  • When a single code block triggers multiple rules, report each applicable rule separately. Cross-category overlap (e.g., OB + CE + PI on the same line) increases confidence that the finding is a true positive.
  • Consider the skill’s stated purpose when evaluating findings. A security auditing skill will naturally reference dangerous patterns.

Phase 3: Generate Report

  • Calculate risk score using the scoring formula below.
  • Output the structured report using the template below.
  • For batch scans of multiple skills, output a summary table at the end.

Report Template

Output this format after completing the audit:

## Skill Security Audit Report

### Target: [skill-name] [version if available]
### Risk Score: X.X/10 ([LEVEL])

---

### CRITICAL

- [PI-001] file.md:42 — Description of finding
  Risk: Why this is dangerous
  Action: Recommended response

### WARNING

- [OB-003] script.js:15 — Description of finding
  Risk: Why this is concerning
  Action: Recommended response

### INFO

- [BM-002] SKILL.md:88 — Description of finding
  Risk: Why this is worth noting
  Action: Recommended response

---

### Summary
- CRITICAL: N
- WARNING: N
- INFO: N
- Risk Score: X.X/10 — [Overall recommendation]

Scoring

Calculate risk score:

  • Each CRITICAL finding: +2.0 points
  • Each WARNING finding: +0.8 points
  • Each INFO finding: +0.2 points
  • Maximum score: 10.0

Risk levels:

  • 0.0–2.0: SAFE — No significant risks found.
  • 2.1–5.0: RISKY — Manual review recommended before use.
  • 5.1–8.0: DANGEROUS — Do not install.
  • 8.1–10.0: MALICIOUS — Confirmed malicious intent. Report to marketplace.

Batch Scan Summary

When scanning multiple skills, output a summary table:

Skill Score Level CRITICAL WARNING INFO

False Positive Guidance

  • Consider the skill’s legitimate purpose before flagging.
  • A security auditing skill will naturally reference dangerous patterns — this is not malicious.
  • Development tools may legitimately need Bash access.
  • Look for intent, not just pattern presence.
  • When uncertain, report the finding with a note explaining the ambiguity.
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。