Security Audit
claude-dev-suite/claude-dev-suite:skills/ai-integration/rag-patterns
github.com/claude-dev-suite/claude-dev-suiteTrust Assessment
claude-dev-suite/claude-dev-suite:skills/ai-integration/rag-patterns received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Excessive Write/Edit permissions declared.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 16, 2026 (commit 8c8434ef). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Excessive Write/Edit permissions declared The skill's manifest declares 'Write' and 'Edit' permissions. The skill's description ('Retrieval-Augmented Generation architecture patterns') and its current content (a descriptive markdown file with code examples) do not indicate a functional need for these broad file modification permissions. This creates an unnecessary attack surface, as a malicious or compromised LLM could potentially be prompted to use these tools to modify or delete arbitrary files in the repository, even if the skill's current content does not explicitly instruct such actions. Review and restrict 'allowed-tools' to only those strictly necessary for the skill's intended functionality. For a purely descriptive skill, 'Read', 'Grep', and 'Glob' might be sufficient. Remove 'Write' and 'Edit' unless there is a clear, documented use case for them that aligns with the skill's purpose. | Static | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/cf5938d8055b3412)
Powered by SkillShield