{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "security-audit", "description": "Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.", "version": null, "slug": "security-audit-toolkit" }, "scores": { "security": 0, "transparency": 5, "maintenance": 7, "overall": 2 }, "permissions": { "summary": "No declared permissions — minimal attack surface.", "environmentVariables": [], "binaries": [], "envVarCount": 0, "requiredBinCount": 0 }, "compoundThreats": [ { "id": "credential_obfuscation", "severity": "high", "description": "Accesses credentials AND encodes data — may obfuscate stolen credentials", "capabilities": [ "credential_access", "data_encoding" ], "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03", "ASI04" ] }, { "id": "supply_chain", "severity": "high", "description": "Installs packages AND executes processes — opaque dependency chain with execution", "capabilities": [ "package_install", "process_exec" ], "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ] }, { "id": "c2_channel", "severity": "critical", "description": "Receives external input AND executes processes — command & control channel", "capabilities": [ "network_in", "process_exec" ], "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI10" ] }, { "id": "local_payload_execution", "severity": "critical", "description": "Reads files AND uses eval/Function — may execute locally stored payloads", "capabilities": [ "dynamic_eval", "file_read" ], "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI05" ] }, { "id": "obfuscated_execution", "severity": "critical", "description": "Encodes data AND uses eval — classic obfuscated code execution (atob + eval)", "capabilities": [ "data_encoding", "dynamic_eval" ], "owasp": [ "LLM05" ], "owaspAsi": [ "ASI05", "ASI10" ] }, { "id": "remote_eval_injection", "severity": "critical", "description": "Receives external input AND uses eval — attacker can inject code via network", "capabilities": [ "network_in", "dynamic_eval" ], "owasp": [ "LLM01", "LLM05" ], "owaspAsi": [ "ASI01", "ASI05" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Code accesses API keys/tokens but declares no environment variables", "actual": "credential_access", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "opaque_dependency", "severity": "medium", "description": "Installs packages at runtime — transitive dependencies are not auditable", "actual": "package_install", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ] } ], "capabilities": [ "package_install", "data_encoding", "credential_access", "file_read", "process_exec", "network_in", "dynamic_eval", "credential_store" ], "findings": [ { "severity": "high", "category": "code_execution", "description": "Uses exec() — may execute shell commands", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "exec(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "References child_process — can spawn system processes", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "child_process", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "code_execution", "description": "Uses spawn() — can execute external programs", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "spawn(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "code_execution", "description": "Uses eval() — can execute arbitrary code", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "eval(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "code_execution", "description": "Dynamic Function constructor — equivalent to eval()", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "new Function(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "high", "category": "credentials", "description": "Accesses .ssh directory", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": ".ssh/", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "critical", "category": "credentials", "description": "Possible hardcoded credential", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "API_KEY=\"sk-abc123...", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" } ], "summary": { "total": 7, "critical": 3, "high": 4, "medium": 0, "low": 0, "compoundThreats": 6, "integrityIssues": 2 }, "trustSignals": { "positive": [ { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "os_scoped", "positive": true, "detail": "Scoped to: linux, darwin, win32" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "versioned", "positive": false, "detail": "No version declared" }, { "signal": "undeclared_env", "positive": false, "detail": "Uses credentials in code but declares no env vars" }, { "signal": "opaque_deps", "positive": false, "detail": "Installs packages at runtime — transitive dependencies are unauditable" } ] }, "files": { "hasExecutableCode": false, "executableFiles": [], "totalFiles": 2 }, "humanSummary": "security-audit scores 20/100 (Dangerous). It declares no permissions. Receives external input AND executes processes — command & control channel. 1 undeclared capability detected — the skill does more than its permissions suggest. 3 critical pattern matches in code.", "auditedAt": "2026-04-23T03:41:26.774Z", "vtEnrichment": { "checked": 2, "flagged": 0, "urls": [ { "url": "https://aquasecurity.github.io/trivy", "malicious": 0, "suspicious": 0, "engines": 93, "cached": false }, { "url": "https://example.com", "malicious": 0, "suspicious": 0, "engines": 91, "cached": false } ] } }