Security Audit
cc-skill-continuous-learning
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
cc-skill-continuous-learning received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 6 high, 1 medium, and 0 low severity. Key findings include "File read + network send exfiltration", "Sensitive environment variable access: $HOME", and "Sensitive path access: AI agent config".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cc-skill-continuous-learning/evaluate-session.sh:9 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cc-skill-continuous-learning/evaluate-session.sh:16 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cc-skill-continuous-learning/evaluate-session.sh:24 |
| CRITICAL | File read + network send exfiltration. AI agent config/credential file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cc-skill-continuous-learning/evaluate-session.sh:36 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/cc-skill-continuous-learning/evaluate-session.sh:9 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/cc-skill-continuous-learning/evaluate-session.sh:16 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/cc-skill-continuous-learning/evaluate-session.sh:24 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/cc-skill-continuous-learning/evaluate-session.sh:36 |
| HIGH | Command Injection via `mkdir -p` with path from config. The script constructs `LEARNED_SKILLS_PATH` by reading from `config.json` and then performing a `sed` substitution. If a malicious skill author provides a `learned_skills_path` in `config.json` containing shell metacharacters (e.g., `;`, `&`, `\|`, `$(...)`), these characters will be expanded and executed when `mkdir -p "$LEARNED_SKILLS_PATH"` is called. For example, if `config.json` contains `{"learned_skills_path": "/tmp/foo; rm -rf /"}`, this could lead to arbitrary command execution. Ensure that paths read from configuration files are properly sanitized or validated to prevent shell metacharacters from being interpreted as commands. For `mkdir`, consider using a programming language's safe directory creation functions or strictly validating the path format to allow only safe characters. | LLM | evaluate-session.sh:32 |
| HIGH | Command Injection via `grep` with untrusted `CLAUDE_TRANSCRIPT_PATH`. The script uses the `CLAUDE_TRANSCRIPT_PATH` environment variable directly in a `grep` command: `grep -c '"type":"user"' "$transcript_path"`. If an attacker can control the `CLAUDE_TRANSCRIPT_PATH` environment variable (e.g., by setting it to `foo.json; rm -rf /`), arbitrary commands can be executed. Environment variables are often considered untrusted input, especially if they can be influenced by the user or external processes. Sanitize the `CLAUDE_TRANSCRIPT_PATH` environment variable to ensure it contains only valid file path characters and no shell metacharacters before using it in shell commands. Alternatively, use a programming language's safe file reading functions instead of direct shell execution for sensitive operations. | LLM | evaluate-session.sh:41 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/cc-skill-continuous-learning/evaluate-session.sh:30 |