Why is recursive scanning important for security?

Many malicious skills hide harmful code in secondary shell scripts or setup files rather than the main definition file; recursive scanning ensures these hidden threats are identified.

Does this skill execute the code it analyzes?

No, the skill treats all repository content as static data and operates under strict guardrails to prevent accidental execution during the auditing process.

What happens if a file is too large to scan?

For performance and safety, the skill reads the headers or first 50 lines of very large or binary files and flags them for manual review rather than skipping them entirely.

Do I need any external tools to use this?

Yes, you must have the GitHub CLI (gh) installed and authenticated on your system for the skill to fetch repository metadata and file contents.

Skill Security Auditor

Name: Skill Security Auditor
Author: f4ah6o

byf4ah6o

Security & Testing

Analyzes GitHub repositories for malicious code and security risks before you install or execute new Agent Skills.

About

Skill Security Auditor acts as a vital security guardrail for Claude Code users, performing deep recursive scans of GitHub repositories to identify hidden threats. Unlike basic scanners, it traces execution paths into referenced scripts, shell files, and configuration entry points to detect destructive commands, data exfiltration patterns, and prompt injection attempts. This skill is indispensable for developers who want to safely explore third-party tools and custom skills without compromising their local system or exposing sensitive credentials like SSH keys or environment variables.

Key Features

Detection of destructive commands and unauthorized system file writes
Recursive analysis of referenced shell, Python, and Node scripts
0 GitHub stars
Structured security reports with risk level assessments from Safe to Malicious
Identification of prompt injection and AI-specific security bypasses
Scanning for secret exfiltration and suspicious network requests

Use Cases

Auditing open-source scripts for hidden backdoors and malicious one-liners
Verifying a third-party Agent Skill's safety before local installation
Ensuring new Model Context Protocol servers don't access sensitive cloud credentials

About

Key Features

Detection of destructive commands and unauthorized system file writes
Recursive analysis of referenced shell, Python, and Node scripts
0 GitHub stars
Structured security reports with risk level assessments from Safe to Malicious
Identification of prompt injection and AI-specific security bypasses
Scanning for secret exfiltration and suspicious network requests

Use Cases

Auditing open-source scripts for hidden backdoors and malicious one-liners
Verifying a third-party Agent Skill's safety before local installation
Ensuring new Model Context Protocol servers don't access sensitive cloud credentials