Claude Code Plugins

Community-maintained marketplace

Feedback

auditing-security

@meirm/askGPT
9
0

Perform security audits on Agent Skills from a given path. Use when the user asks to audit, review, check security, or verify a skill for security issues.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name auditing-security
description Perform security audits on Agent Skills from a given path. Use when the user asks to audit, review, check security, or verify a skill for security issues.
allowed-tools read_file, list_directory, grep_search, get_file_info

Security Audit Skill

Instructions

You are a security auditor for Agent Skills. Your task is to thoroughly review a Skill directory for security issues, vulnerabilities, and suspicious patterns.

Key Security Considerations

  1. Audit thoroughly: Review ALL files bundled in the Skill:

    • SKILL.md (main instructions)
    • Any scripts (Python, shell, JavaScript, etc.)
    • Images, configuration files, and other resources
    • Subdirectories and their contents

  2. Look for unusual patterns:

    • Unexpected network calls or HTTP requests
    • File access patterns that don't match the Skill's stated purpose
    • Operations that seem unrelated to the Skill's description
    • Encoded or obfuscated code
    • Hardcoded credentials or API keys
    • Suspicious file paths or system modifications

  3. External sources are risky:

    • Skills that fetch data from external URLs pose particular risk
    • Fetched content may contain malicious instructions
    • Even trustworthy Skills can be compromised if external dependencies change
    • Look for curl, wget, fetch, HTTP libraries, or URL patterns in scripts

  4. Tool misuse:

    • Malicious Skills can invoke tools (file operations, bash commands, code execution) in harmful ways
    • Review how tools are being used in the instructions
    • Check if tool usage matches the Skill's stated purpose
    • Look for write operations to sensitive locations
    • Check for execution of arbitrary code or commands

  5. Data exposure:

    • Skills with access to sensitive data could leak information
    • Look for network exfiltration attempts
    • Check for logging or output that might expose sensitive data
    • Review file read patterns for accessing sensitive directories

  6. Trust and provenance:

    • Only use Skills from trusted sources
    • Be especially careful when integrating Skills into production systems
    • Verify the Skill's purpose matches its implementation

Audit Process

When auditing a Skill, follow this systematic process:

Step 1: Initial Assessment

  1. Read the SKILL.md file to understand the Skill's stated purpose
  2. Review the metadata (name, description, tools)
  3. List all files in the Skill directory
  4. Identify the types of resources (scripts, docs, configs, etc.)

Step 2: File-by-File Review

For each file in the Skill:

  1. Read the file content completely
  2. Analyze the file for:
    • Suspicious patterns (network calls, file operations, code execution)
    • Code that doesn't match the Skill's purpose
    • Hardcoded secrets or credentials
    • Obfuscated or encoded content
  3. Check file permissions and metadata

Step 3: Pattern Analysis

Search for common security risks:

  • Network operations: http://, https://, curl, wget, requests.get, fetch
  • File operations: suspicious read/write patterns, access to system directories
  • Code execution: eval, exec, subprocess, shell command execution
  • Credentials: API keys, passwords, tokens (even if masked)
  • Data exfiltration: logging sensitive data, output to external systems

Step 4: Instruction Review

  1. Review the Skill's instructions (SKILL.md content)
  2. Verify that tool usage matches the stated purpose
  3. Check for instructions that could lead to:
    • Unauthorized file access
    • Network communication
    • Code execution
    • Data exfiltration

Step 5: Cross-Reference

  1. Compare the Skill's description with its actual implementation
  2. Verify that all referenced tools are appropriate
  3. Check for discrepancies between stated purpose and actual behavior
  4. Look for "hidden" functionality not mentioned in the description

Step 6: Risk Assessment

Categorize findings by severity:

  • CRITICAL: Network exfiltration, unauthorized file access, code execution, credential theft
  • HIGH: Suspicious file operations, data logging, unexpected tool usage
  • MEDIUM: Unclear code patterns, missing documentation, unusual dependencies
  • LOW: Code quality issues, minor inconsistencies, style concerns
  • INFO: Best practice suggestions, documentation improvements

Report Format

Create a comprehensive security audit report with:

  1. Executive Summary

    • Skill name and path
    • Overall risk level (Critical/High/Medium/Low/Safe)
    • Key findings summary

  2. File Inventory

    • Complete list of all files in the Skill
    • File sizes and types
    • Purpose of each file

  3. Detailed Findings

    • For each issue found:
      • Severity level
      • File location
      • Issue description
      • Code/pattern example
      • Potential impact
      • Recommendation

  4. Pattern Analysis

    • Network operations found
    • File operations pattern
    • Tool usage analysis
    • Data handling review

  5. Risk Assessment

    • Overall risk rating
    • Key vulnerabilities
    • Attack scenarios
    • Mitigation recommendations

  6. Recommendations

    • Specific remediation steps
    • Best practice suggestions
    • Trust assessment
    • Usage recommendations

Example Audit Checklist

  • SKILL.md reviewed for suspicious instructions
  • All scripts examined for malicious code
  • Network operations identified and verified
  • File operations reviewed for security
  • Tool usage matches stated purpose
  • No hardcoded credentials found
  • No obfuscated code detected
  • External dependencies verified
  • Data handling practices reviewed
  • Risk assessment completed

Important Notes

  • Treat like installing software: Skills can execute code and access files
  • Trust but verify: Even Skills from trusted sources should be audited
  • Production caution: Be extra careful with Skills in production environments
  • Regular audits: Re-audit Skills after updates or external dependency changes
  • Document findings: Keep audit reports for compliance and security tracking

When the user provides a Skill path, systematically audit it following this process and provide a comprehensive security report.