skill-creator

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess module in several scripts (run_eval.py, improve_description.py, run_loop.py) to interact with the claude CLI. These calls are used to execute evaluation queries and generate improved skill descriptions. The commands are constructed as lists and do not use a shell, mitigating risks of shell injection.
  • [COMMAND_EXECUTION]: The generate_review.py script executes the lsof command via subprocess to manage local network ports. This allows the tool to identify and terminate existing processes on its target port (default 3117) to ensure the evaluation viewer server can start successfully.
  • [EXTERNAL_DOWNLOADS]: The evaluation viewer's HTML template (viewer.html) includes a script tag that loads the SheetJS library (xlsx.full.min.js) from cdn.sheetjs.com. This is a well-known service used specifically for rendering Excel spreadsheets within the browser-based review interface.
  • [SAFE]: The skill demonstrates secure coding practices by using yaml.safe_load() in quick_validate.py for parsing frontmatter, preventing potential arbitrary code execution vulnerabilities associated with unsafe YAML loading.
  • [SAFE]: The core instructions in SKILL.md include a 'Principle of Lack of Surprise' section, which explicitly directs the agent to refuse requests to create malicious, misleading, or exploitative skills.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 06:03 PM