Security Audit
affaan-m/everything-claude-code:docs/ja-JP/skills/configure-ecc
github.com/affaan-m/everything-claude-codeTrust Assessment
affaan-m/everything-claude-code:docs/ja-JP/skills/configure-ecc received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 24 findings: 11 critical, 12 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: AI agent config, User-provided path in fallback installation may lead to command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on March 20, 2026 (commit 9a478ad6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings24
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:17 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:43 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:183 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:188 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:189 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:190 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:198 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:208 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:285 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:293 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | docs/ja-JP/skills/configure-ecc/SKILL.md:294 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:17 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:43 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:183 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:188 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:189 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:190 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:198 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:208 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:285 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:293 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | docs/ja-JP/skills/configure-ecc/SKILL.md:294 | |
| HIGH | User-provided path in fallback installation may lead to command injection In Step 0, if the initial `git clone` fails, the skill asks the user to provide a local path to an existing ECC clone. If this user-provided path is subsequently used in shell commands (e.g., `cp -r $USER_PROVIDED_PATH/skills/<skill-name> $TARGET/skills/`) without proper sanitization or validation, a malicious user could inject arbitrary commands or perform path traversal. For example, providing a path like `../../malicious_dir; rm -rf /` could lead to unintended system modifications or data exfiltration. Sanitize and validate any user-provided path string before using it in shell commands. Ensure it's a valid, absolute path within expected boundaries and does not contain shell metacharacters. Prefer using a dedicated file system API that handles path resolution safely, rather than directly concatenating strings into shell commands. If shell commands are necessary, explicitly quote the path variable (e.g., `cp -r "$USER_PROVIDED_PATH/skills/<skill-name>" "$TARGET/skills/"`) and consider using `realpath` or similar to resolve and validate the path. | LLM | SKILL.md:40 | |
| MEDIUM | Direct cloning of remote repository introduces supply chain risk The skill directly clones the `https://github.com/affaan-m/everything-claude-code.git` repository into `/tmp`. If this remote repository were to be compromised, malicious code could be introduced into the user's system via this installation process. There is no mechanism described to verify the integrity (e.g., checksums, signed commits) of the cloned content. Consider pinning to a specific commit hash instead of the default branch to ensure reproducibility and prevent unexpected changes. Implement integrity checks (e.g., verify GPG signatures on commits, compare against known good checksums) if the environment supports it. Clearly communicate the source of the code to the user. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/8ac0ad5a14aa7206)
Powered by SkillShield