Security Audit
production-code-audit
Repository: github.com/davila7/claude-code-templates

Trust Assessment
production-code-audit received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Autonomous Full Read/Write Access to Entire Codebase.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)

| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Autonomous Full Read/Write Access to Entire Codebase | The skill explicitly instructs the agent to autonomously list directories (`listDirectory`), read all files recursively (`readFile`), modify files using `strReplace`, and add new files across the entire project. This is done 'without asking the user for input'. This grants the agent full, unconfirmed read and write access to the entire codebase, posing a critical risk for data exfiltration, code injection, or destructive actions if the skill or agent is compromised. | Implement granular, user-confirmed permissions for file system operations. Require explicit user consent before reading or modifying sensitive files or performing widespread changes. Restrict `listDirectory`, `readFile`, `strReplace`, and file creation to specific, user-approved paths or require confirmation for broad operations. Ensure the agent's execution environment is sandboxed. | LLM | SKILL.md:199 |
| HIGH | Implicit Command Execution via 'Run tests' Instruction | The skill instructs the agent to 'Run tests to ensure nothing broke'. This implies the capability to execute arbitrary shell commands (e.g., test runners) within the agent's environment. If the agent's mechanism for running tests is not securely sandboxed, or if the skill could manipulate test files or configurations to inject malicious commands, this could lead to command injection and arbitrary code execution on the host system. | Ensure that any command execution initiated by the agent (e.g., running tests) is performed within a strictly sandboxed and isolated environment. Implement allow-lists for executable commands and prevent the agent from modifying test scripts or configuration files that could lead to command injection. | LLM | SKILL.md:222 |
| MEDIUM | Network egress to untrusted endpoints | HTTP request to raw IP address | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives | Multiple zero-width characters (stealth text) | Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Full report: https://skillshield.io/report/2c189be2d433886e