python-uv-scripts

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE

Full Analysis
  • [SAFE]: The skill emphasizes security best practices through dedicated documentation in reference/security-patterns.md, which covers secret management (environment variables, keyring, Infisical), input validation, and safe file operations.
  • [COMMAND_EXECUTION]: Example scripts like check_cluster_health_enhanced.py use subprocess.run to execute system commands (e.g., SSH, pvecm). These calls are implemented using list-based arguments to prevent shell injection and include hostname validation via regular expressions to ensure safety.
  • [EXTERNAL_DOWNLOADS]: The tools/convert_to_uv.py script makes network requests to the official PyPI JSON API (pypi.org) to resolve package versions. This is a standard and expected operation for a developer tool and uses well-known services.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill provides templates that use Infisical (a secret management platform) and environment variables for authentication. There are no hardcoded credentials; placeholders in documentation are clearly marked as examples and anti-patterns to avoid.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote script execution (e.g., curl | bash) or unsafe dynamic code loading were found. The skill uses ast.parse for script analysis, which is a safe way to inspect code structure without execution.
  • [SAFE]: The provided validate_script.py utility acts as a security scanner for other scripts, detecting common issues like shell=True, hardcoded secrets, and unsafe usage of eval or exec.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 02:04 PM