The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the @claude-flow/cli package from the NPM registry. This is a standard method for utilizing CLI tools and is consistent with the skill's purpose of performing codebase scans.
[COMMAND_EXECUTION]: Executes shell commands via npx to initiate security scans, check for CVEs, and generate markdown reports. Note that the allowed-tools configuration specifically restricts the Bash tool to npx commands, which is a security best practice for limiting command execution scope.
[DATA_EXFILTRATION]: Scan results are processed and stored using mcp__claude-flow__memory_store. This interaction occurs within the agent's MCP environment for data persistence and does not constitute unauthorized external data transmission.

security-scan