Security Audit
claude-dev-suite/claude-dev-suite:skills/api-design/webhooks
github.com/claude-dev-suite/claude-dev-suite
Trust Assessment
claude-dev-suite/claude-dev-suite:skills/api-design/webhooks received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Excessive 'Write' and 'Edit' permissions for informational skill.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 16, 2026 (commit 8c8434ef). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Excessive 'Write' and 'Edit' permissions for informational skill. The 'webhooks' skill is described as providing 'Webhook patterns' and code examples, indicating its primary function is informational. Declaring 'Write' and 'Edit' permissions for a skill that serves as a knowledge base or provides illustrative code snippets is excessive. These permissions grant the agent the ability to modify or create files, which is not directly supported or required by the skill's content or stated purpose as an informational resource. This broad access could be misused if the agent is prompted to perform actions outside the skill's intended scope, potentially leading to unauthorized file modifications. Review and restrict the 'allowed-tools' to only those strictly necessary for the skill's core function. For an informational skill providing patterns, 'Read', 'Grep', and 'Glob' are likely sufficient. Remove 'Write' and 'Edit' unless there is a clear, documented need for the skill itself to perform file modifications. | Static | SKILL.md |