Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aliabbaschadhar/audit-skills

Name: audit-skills
Author: aliabbaschadhar

assets/skills/audit-skills/SKILL.md

npx skillsauth add aliabbaschadhar/agent-superpowers audit-skills

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Audit Skills (Premium Universal Security)

Overview

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Tubes: curl ... | bash, iwr ... | iex.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution: Stick to static analysis methods only
Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms
Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

@security-scanner - Additional security scanning capabilities

aliabbaschadhar/audit-skills

assets/skills/audit-skills/SKILL.md

testing

Updated May 31, 2026

$ install --global

skillsauth

npx skillsauth add aliabbaschadhar/agent-superpowers audit-skills

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 9:08 AM5.3s1 file scanned

SKILL.md

name:: audit-skills
description:: Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
category:: security
risk:: safe
source:: community
date_added:: 2026-03-07
author:: MAIOStudio
tags:: [security, audit, skills, bundles, cross-platform]
tools:: [claude, gemini, gpt, llama, mistral, etc]

Audit Skills (Premium Universal Security)

Overview

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Tubes: curl ... | bash, iwr ... | iex.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution: Stick to static analysis methods only
Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms
Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

@security-scanner - Additional security scanning capabilities

Related Skills

aliabbaschadhar/biopython

tools

VerifiedTrustedCommunity

Comprehensive molecular biology toolkit. Use for sequence manipulation, file parsing (FASTA/GenBank/PDB), phylogenetics, and programmatic NCBI/PubMed access (Bio.Entrez). Best for batch processing, custom bioinformatics pipelines, BLAST automation. For quick lookups use gget;...

SKILL.mdUpdated May 31, 2026

aliabbaschadhar/biopython

aliabbaschadhar/bill-gates

testing

VerifiedTrustedCommunity

Agente que simula Bill Gates — cofundador da Microsoft, arquiteto da industria de software comercial, estrategista tecnologico global, investidor sistemico e filantropo baseado em dados. Use...

SKILL.mdUpdated May 31, 2026

aliabbaschadhar/bill-gates

aliabbaschadhar/bdi-mental-states

development

VerifiedTrustedCommunity

This skill should be used when the user asks to "model agent mental states", "implement BDI architecture", "create belief-desire-intention models", "transform RDF to beliefs", "build cognitive agent", or mentions BDI ontology, mental state modeling, rational agency, or neuro-symbolic AI integration.

SKILL.mdUpdated May 31, 2026

aliabbaschadhar/bdi-mental-states

aliabbaschadhar/baseline-ui

development

VerifiedTrustedCommunity

Validates animation durations, enforces typography scale, checks component accessibility, and prevents layout anti-patterns in Tailwind CSS projects. Use when building UI components, reviewing CSS utilities, styling React views, or enforcing design consistency.

SKILL.mdUpdated May 31, 2026

aliabbaschadhar/baseline-ui

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aliabbaschadhar/agent-superpowers.git

# Copy into Claude Code skills folder (global)
cp -r agent-superpowers/assets/skills/audit-skills ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aliabbaschadhar/agent-superpowers

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT