Security Audit
Ethical Hacking Methodology
github.com/sickn33/antigravity-awesome-skillsPartial VerificationCommit 9f5351e844df
55
CAUTION1
Critical
Immediate action required
1
High
Priority fixes suggested
0
Medium
Best practices review
0
Low
Acknowledged / Tracked
Trust Assessment
This report is partially verified. Deterministic layers ran, but LLM behavioral analysis (L4) was not executed for this scan.
The current score of 55/100 is provisional and may change after a full L4 verification run.
Last analyzed on February 20, 2026 (commit 9f5351e8). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Manifest Analysis
70%Static Code Analysis
85%Dependency Graph
100%LLM Behavioral SafetyNot run
—Behavioral Risk Signals
Network Access
1 finding
Filesystem Write
2 findings
Shell Execution
1 finding
Excessive Permissions
2 findings
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/ethical-hacking-methodology/SKILL.md:275 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/authorized_keys'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/ethical-hacking-methodology/SKILL.md:275 |