skill-security-auditor
Skill Security Auditor
Tier: POWERFUL | Category: Engineering / Security | Maintainer: Claude Skills Team
Overview
Scan and audit AI agent skills for security risks before installation. Performs static analysis on code files for dangerous patterns, scans markdown files for prompt injection, validates dependency supply chains, checks file system boundaries, and detects obfuscation. Produces a structured PASS / WARN / FAIL verdict with findings categorized by severity and actionable remediation guidance.
Keywords
skill security, AI security, prompt injection, code audit, supply chain, dependency scanning, data exfiltration, credential harvesting, obfuscation detection, pre-install security
Core Capabilities
1. Code Execution Risk Detection
- Command injection: os.system(), subprocess.call(shell=True), backtick execution
- Code execution: eval(), exec(), compile(), __import__()
- Obfuscation: base64-encoded payloads, hex strings, chr() chains
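An added illustration of the Python call patterns listed above, not the skill's own code: a small `ast` pass that reports each pattern by line and rule. It generalizes subprocess.call(shell=True) to any subprocess.* call with shell=True. Treating base64.b64decode / bytes.fromhex calls and chains of three or more chr() terms as obfuscation markers is an assumption, as are all function and rule names.

```python
import ast

EXEC_BUILTINS = {"eval", "exec", "compile", "__import__"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

def chr_chain_len(node):
    """Count chr() calls joined with '+', e.g. chr(101) + chr(118) + ..."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return chr_chain_len(node.left) + chr_chain_len(node.right)
    return int(isinstance(node, ast.Call) and dotted(node.func) == "chr")

def shell_true(call):
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def scan(source):
    """Return sorted (line, rule, detail) findings for one Python source string."""
    found = set()  # a set, so the nested BinOps of one chr() chain report once
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name == "os.system" or (name.startswith("subprocess.") and shell_true(node)):
                found.add((node.lineno, "command-injection", name))
            elif name in EXEC_BUILTINS:
                found.add((node.lineno, "code-execution", name))
            elif name in ("base64.b64decode", "bytes.fromhex"):  # assumed markers
                found.add((node.lineno, "obfuscation", name))
        elif isinstance(node, ast.BinOp) and chr_chain_len(node) >= 3:
            found.add((node.lineno, "obfuscation", "chr() chain"))
    return sorted(found)

SAMPLE = '''# constructed sample: parsed only, never executed
os.system("ls " + user_input)
subprocess.call(cmd, shell=True)
subprocess.run(["ls", "-l"])
payload = base64.b64decode("cHJpbnQoMSk=")
exec(payload)
name = chr(101) + chr(118) + chr(97) + chr(108)
'''

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Matching on dotted names misses aliased imports such as `import subprocess as sp` or `from os import system`, so a fuller check would resolve import aliases first.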