Security Audit
Security Scanning Tools
github.com/davila7/claude-code-templatesTrust Assessment
Security Scanning Tools received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 2 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Extensive shell command examples with `sudo` and user-controlled arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Extensive shell command examples with `sudo` and user-controlled arguments The skill provides numerous shell command examples, many of which utilize `sudo` for elevated privileges. If the AI agent is configured to execute these commands based on user input without proper sanitization, it creates a significant command injection vulnerability. An attacker could craft malicious input (e.g., target IP, file paths, BSSID) to execute arbitrary commands with root privileges, leading to system compromise, data exfiltration, or denial of service. Implement strict input validation and sanitization for any user-provided arguments used in constructing shell commands. Ensure that the AI agent's execution environment is strictly sandboxed and operates with the principle of least privilege. Avoid direct execution of `sudo` commands based on untrusted input. Consider using safer APIs or wrappers that do not involve direct shell execution, or require explicit user confirmation for privileged operations. | LLM | SKILL.md:100 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Skill describes actions requiring elevated system and network privileges The skill details the usage of security tools that inherently require extensive system and network access, including root privileges (`sudo`) and raw socket access (e.g., for Nmap, Masscan, Aircrack-ng). While the skill itself doesn't request these permissions, its functionality relies on them. If the AI agent's execution environment grants such broad permissions to skills, it significantly increases the attack surface and the potential impact of a successful command injection or other exploit. Ensure the AI agent operates within a strictly sandboxed environment with the principle of least privilege applied. Only grant permissions absolutely necessary for the skill's intended, safe operation. Avoid running the agent as root or with `sudo` capabilities for skill execution. Implement robust access controls and monitoring for any privileged operations performed by the agent. | LLM | SKILL.md:30 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Unpinned `pip install` commands for tool installation The skill provides `pip install` commands for Prowler and ScoutSuite without specifying exact version pins (e.g., `pip install prowler`). If these commands are executed by the AI agent, it could lead to installing arbitrary or potentially malicious versions of packages if the package maintainer's repository is compromised, or if a malicious package is published under the same name in the future. This introduces a supply chain risk. Specify exact versions for all Python package installations (e.g., `pip install prowler==X.Y.Z`) to ensure reproducibility and prevent unexpected changes or malicious updates. Consider using a `requirements.txt` file with pinned versions and hash checking, or a package manager that enforces dependency locking. | LLM | SKILL.md:326 |
Scan History
Embed Code
[](https://skillshield.io/report/d898242ddbd4c019)
Powered by SkillShield