Skill Security Audit Guide

Usage

# Scan installed skill
bash /shared/company-config/skill-audit.sh ~/workspace/skills/<skill-name>

# Strict mode (MEDIUM and above blocked)
bash /shared/company-config/skill-audit.sh ~/workspace/skills/<skill-name> --strict

Decision Criteria

exit 0 → ✅ Pass
exit 1 → ⚠️ Risk detected, notify owner and show report, wait for confirmation
exit 2 → ❌ Critical risk, prohibit usage, delete and report

Scan Scope (7 Dimensions)

🐚 Reverse Shell / Remote Code Execution
🔑 Data Exfiltration / API Key Theft
🎭 Code Obfuscation / Encoding Bypass
📦 Malicious Dependencies (typosquatting, install scripts)
📁 Unauthorized File System Access
🌐 Suspicious Network Activity
🔒 Non-auditable Binary Files

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Skill Security Audit Guide

Usage

Decision Criteria

Scan Scope (7 Dimensions)

FilesExpand file tree

skill-audit-guide.md

Latest commit

History

skill-audit-guide.md

File metadata and controls

Skill Security Audit Guide

Usage

Decision Criteria

Scan Scope (7 Dimensions)