Security Audit
affaan-m/everything-claude-code:.cursor/skills/configure-ecc
github.com/affaan-m/everything-claude-code
Trust Assessment
affaan-m/everything-claude-code:.cursor/skills/configure-ecc received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 24 findings: 11 critical, 12 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive path access: AI agent config", and "Unpinned Git Clone Leads to Supply Chain Risk".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit db27ba1e). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (24)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:17 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:43 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:183 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:188 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:189 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:190 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:198 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:208 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:285 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:293 |
| CRITICAL | **File read + network send exfiltration.** AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | .cursor/skills/configure-ecc/SKILL.md:294 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:17 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:43 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:183 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:188 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:189 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:190 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:198 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:208 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:285 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:293 |
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | .cursor/skills/configure-ecc/SKILL.md:294 |
| HIGH | **Unpinned Git Clone Leads to Supply Chain Risk.** The skill uses `git clone` to fetch the 'everything-claude-code' repository without specifying a fixed version (e.g., a commit hash or tag). This means the skill will always clone the latest version of the default branch. If the remote repository is compromised or a malicious change is introduced to its main branch, the skill will install potentially malicious code without explicit review, posing a significant supply chain risk. Pin the `git clone` operation to a specific commit hash or tag to ensure deterministic and auditable dependency fetching. For example: `git clone --depth 1 --branch <tag_or_branch> <repo_url> <destination_path>` or `git clone <repo_url> <destination_path> && cd <destination_path> && git checkout <commit_hash>`. | Static | SKILL.md:28 |
| MEDIUM | **Potential Prompt Injection via Processed Installed Files.** During the 'Optimize Installed Files' step, the skill instructs the host LLM to 'Read each installed SKILL.md' and 'Edit the SKILL.md files in-place'. Since the installed files originate from an unpinned `git clone` (as identified in SS-SC-001), their content is not guaranteed to be benign. If a malicious actor compromises the source repository, they could inject prompt injection instructions into the `SKILL.md` or rule files. When the LLM processes these files for 'optimization', it could be manipulated to perform unintended actions, effectively turning a supply chain compromise into a prompt injection attack against the host LLM. Mitigate the underlying supply chain risk by pinning the `git clone` to a specific version. Additionally, implement strict sanitization or validation of content from external sources before it is processed by the LLM, especially when the LLM is instructed to 'edit' or 'suggest' changes based on that content. Consider sandboxing the LLM's execution environment during such operations. | LLM | SKILL.md:170 |