Security Audit

rspack-debugging

github.com/rstackjs/agent-skills

AI SkillCommit 46637d3c02aa

100

TRUSTED

Scanned 9 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

rspack-debugging received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill modifies project configuration files, Skill requires write access to project directory for artifacts.

The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, static_code_analysis, dependency_graph. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 46637d3c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
INFO	Skill modifies project configuration files The skill executes a Node.js script (`scripts/setup_debug_deps.cjs`) that modifies the user's `package.json` file. Specifically, it adds or updates `pnpm.overrides` to point `@rspack/core` and `@rspack/cli` to their respective `@rspack-debug/*` versions. The script also creates a backup of the original `package.json` as `package.json.bak`. While this is the intended functionality for setting up debug dependencies, it involves significant changes to the project's configuration files. Ensure users are fully aware of the modifications made to their `package.json` and the creation of a backup file. The skill already provides a `--restore` option, which is good practice for reverting these changes.	Unknown	scripts/setup_debug_deps.cjs:1
INFO	Skill requires write access to project directory for artifacts The skill instructs the agent to create a `debug_artifacts` directory in the user's project root and save debug output (such as backtraces and tracing logs) into it. This requires the agent to have write permissions to the user's project directory. This is an expected capability for a debugging skill that needs to store diagnostic information. No specific remediation is required beyond ensuring the user is aware of the file system interactions.	Unknown	SKILL.md:80

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/913c6f9003c23176.svg)](https://skillshield.io/report/913c6f9003c23176)