Skip to content

uxgnod/agent-audit-skill

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
skills/audit-skill
skills/audit-skill
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

audit-skill

A security audit skill for AI agent skill packages. Before you install an unfamiliar skill, let your agent read every file and tell you what it actually does — not just what it claims.

Why

The agent skills ecosystem is growing fast. The ClawHavoc incident found 341 malicious skills out of 2,857 (12%). Snyk's scan of 3,984 skills found 13.4% with critical security issues. Most users install skills without reading the SKILL.md, let alone any scripts bundled with it.

audit-skill gives your agent a precise framework to catch:

  • Credential exfiltration hidden in shell scripts
  • Prompt injection buried in instruction text
  • Network calls not mentioned in the description
  • Obfuscated payloads and destructive operations

Install

npx skills add uxgnod/agent-audit-skill

Or install globally:

npx skills add uxgnod/agent-audit-skill -g

Usage

In any agent session (Claude Code, Codex, Cursor, etc.), just say:

audit this skill before installing: vercel-labs/agent-skills@some-skill

is this skill safe? random-user/pdf-tools

check https://github.com/some-user/suspicious-skill for security issues

The agent will:

  1. Clone the skill to a temp directory
  2. Read every file (SKILL.md, scripts, assets, references)
  3. Perform a three-layer analysis (declared intent vs actual behavior vs gap)
  4. Present a report with GREEN / YELLOW / RED rating
  5. Ask if you want to proceed with installation

Self-Audit

You can verify that audit-skill itself is clean:

audit this skill: uxgnod/agent-audit-skill

Or after installation:

audit the installed skill audit-skill

Expected result: GREEN. The installable skill lives in skills/audit-skill/. That skill directory contains only SKILL.md, has no scripts/ directory, makes no network calls, and does exactly what the description says.

How It Works

audit-skill gives your agent a structured evaluation framework — it does not call any external LLM or service. Your agent IS the LLM doing the analysis. Zero dependencies, zero API keys, zero configuration.

The three-layer analysis:

  • Layer 1 — what does the skill claim to do? (frontmatter name + description)
  • Layer 2 — what does it actually instruct the agent to do? (full file trace)
  • Layer 3 — what is the gap? (undisclosed behavior = findings)

Limitations

  • Audit quality depends on the model powering your agent. Use a capable model (Claude Sonnet or better, GPT-4o, etc.) for highest confidence.
  • A GREEN rating is not a guarantee of safety. Novel obfuscation techniques may be missed.
  • Binary files are flagged YELLOW by default (contents cannot be verified).

License

MIT — see LICENSE

About

Security audit skill for AI agent skill packages — detects credential exfiltration, prompt injection, and undisclosed behavior before install

Topics

security audit agent-skills claude-code skills-cli

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors