picoclaw-security-guardian

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate security auditing tool for the Picoclaw platform, offering deterministic profile generation and baseline comparison.
  • [COMMAND_EXECUTION]: The skill provides Node.js scripts for local security audits. These scripts implement strict path-confinement logic in lib/profile.mjs (using path.relative and realpath checks) so that generated profile outputs remain within the designated home directory, mitigating directory traversal risks.
  • [REMOTE_CODE_EXECUTION]: No unverified remote code execution or suspicious external downloads were identified in the operational skill scripts. A Docker-based regression test is provided for isolated environment testing during development, using standard system package managers.
  • [DATA_EXFILTRATION]: The posture auditing logic in lib/profile.mjs uses regular expressions to detect the presence of secrets (keys, tokens) in configuration files. This logic records only the count of identified markers for security scoring and does not capture or transmit the actual sensitive values.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 02:49 AM