此内容尚未提供您的语言版本,正在以英文显示。

Skill Security Auditor

技能已验证活跃

Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills, or Codex skills, (4) scanning Python scripts for dangerous patterns like os.system, eval, subprocess, network exfiltration, (5) detecting prompt injection in SKILL.md files, (6) checking dependency supply chain risks, (7) verifying file system access stays within skill boundaries. Triggers: "audit this skill", "is this skill safe", "scan skill for security", "check skill before install", "skill security check", "skill vulnerability scan".

目的

To ensure the safety and integrity of AI agent skills by providing a thorough security audit before installation, mitigating risks from malicious code or vulnerabilities.

功能

Scans Python, Bash, JS, and Markdown files
Detects command injection, code execution, obfuscation
Identifies prompt injection, data exfiltration, privilege escalation
Checks dependency supply chain risks and filesystem abuse
Outputs clear PASS/WARN/FAIL verdicts with remediation

使用场景

Auditing skills from untrusted sources
Scanning AI agent directories or git repo URLs for malicious code
Acting as a pre-install security gate for skills
Verifying file system access stays within skill boundaries

非目标

Executing the skill's code (static analysis only)
Detecting logic bombs or time-delayed payloads
Guaranteeing 100% detection against novel obfuscation techniques

安装

请先添加 Marketplace

/plugin marketplace add alirezarezvani/claude-skills

/plugin install engineering@claude-code-skills

质量评分

已验证

95 /100

1 day ago 分析

信任信号

最近提交1 day ago

GitHub 所有者 alirezarezvani

星标14.6k

许可证MIT

网站alirezarezvani.medium.com

状态

查看源代码

类似扩展

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

技能

alirezarezvani

Security Audit

Deep security audit covering OWASP Top 10, authentication, authorization, data protection, dependency vulnerabilities, and secrets scanning. Delegates to the Centinela (QA) agent.

技能

davepoon

Security Audit

Comprehensive security scanning and vulnerability detection. Includes input validation, path traversal prevention, CVE detection, and secure coding pattern enforcement. Use when: authentication implementation, authorization logic, payment processing, user data handling, API endpoint creation, file upload handling, database queries, external API integration. Skip when: read-only operations on public data, internal development tooling, static documentation, styling changes.

技能

ruvnet

TradeMemory Protocol

100

Evolution Engine 的领域知识 — 支持 LLM 从原始 OHLCV 数据中自主发现策略。涵盖生成-回测-选择-进化循环、向量化回测、样本外验证和策略梯度。在发现交易模式、运行回测、进化策略或审查进化日志时使用。由“evolve”、“discover patterns”、“backtest”、“evolution”、“strategy generation”、“candidate strategy”触发。

技能

mnemox-ai

Gdpr Dsgvo Expert

100

GDPR and German DSGVO compliance automation. Scans codebases for privacy risks, generates DPIA documentation, tracks data subject rights requests. Use for GDPR compliance assessments, privacy audits, data protection planning, DPIA generation, and data subject rights management.

技能

alirezarezvani

Refactor Plan

100

Prioritized redesign action plan covering quick wins, medium effort, major rework

技能

Aboudjem