Security Audit
claude-dev-suite/claude-dev-suite:skills/authentication/oauth2
github.com/claude-dev-suite/claude-dev-suite
Trust Assessment
claude-dev-suite/claude-dev-suite:skills/authentication/oauth2 received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is excessive 'Write' and 'Edit' permissions declared for a documentation skill.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 16, 2026 (commit 8c8434ef). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Excessive 'Write' and 'Edit' permissions declared for a documentation skill | Static | SKILL.md:1 |

Description: The 'oauth2' skill is primarily a documentation skill (SKILL.md) providing informational content and code examples. Its manifest declares 'Write' and 'Edit' permissions. For a documentation-focused skill, these permissions are overly broad and unnecessary. Granting an agent the ability to write or edit files when only reading or grepping content is required introduces an elevated risk. If the agent were to be compromised or misdirected, these permissions could be leveraged to modify or delete files on the system, even if the skill's content itself does not explicitly call for such actions.

Recommendation: Reduce the 'allowed-tools' in the skill manifest to only those strictly necessary for a documentation skill, such as 'Read' or 'Grep'. Remove 'Write' and 'Edit' permissions to adhere to the principle of least privilege.