Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

oaor75/audit-skills

Name: audit-skills
Author: oaor75

skills/audit-skills/SKILL.md

npx skillsauth add oaor75/skillsAntigravity audit-skills

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Audit Skills (Premium Universal Security)

Overview

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Tubes: curl ... | bash, iwr ... | iex.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution: Stick to static analysis methods only
Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms
Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

@security-scanner - Additional security scanning capabilities

oaor75/audit-skills

skills/audit-skills/SKILL.md

testing

Updated Apr 24, 2026

$ install --global

skillsauth

npx skillsauth add oaor75/skillsAntigravity audit-skills

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 9:08 AM5.3s1 file scanned

SKILL.md

name:: audit-skills
description:: Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
category:: security
risk:: safe
source:: community
date_added:: 2026-03-07
author:: MAIOStudio
tags:: [security, audit, skills, bundles, cross-platform]
tools:: [claude, gemini, gpt, llama, mistral, etc]

Audit Skills (Premium Universal Security)

Overview

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Tubes: curl ... | bash, iwr ... | iex.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution: Stick to static analysis methods only
Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms
Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

@security-scanner - Additional security scanning capabilities

Related Skills

oaor75/azure-servicebus-py

development

VerifiedTrustedCommunity

Azure Service Bus SDK for Python messaging. Use for queues, topics, subscriptions, and enterprise messaging patterns.

SKILL.mdUpdated Apr 24, 2026

oaor75/azure-servicebus-py

oaor75/azure-servicebus-dotnet

development

VerifiedTrustedCommunity

Azure Service Bus SDK for .NET. Enterprise messaging with queues, topics, subscriptions, and sessions.

SKILL.mdUpdated Apr 24, 2026

oaor75/azure-servicebus-dotnet

oaor75/azure-security-keyvault-secrets-java

development

VerifiedTrustedCommunity

Azure Key Vault Secrets Java SDK for secret management. Use when storing, retrieving, or managing passwords, API keys, connection strings, or other sensitive configuration data.

SKILL.mdUpdated Apr 24, 2026

oaor75/azure-security-keyvault-secrets-java

oaor75/azure-security-keyvault-keys-java

development

VerifiedTrustedCommunity

Azure Key Vault Keys Java SDK for cryptographic key management. Use when creating, managing, or using RSA/EC keys, performing encrypt/decrypt/sign/verify operations, or working with HSM-backed keys.

SKILL.mdUpdated Apr 24, 2026

oaor75/azure-security-keyvault-keys-java

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/oaor75/skillsAntigravity.git

# Copy into Claude Code skills folder (global)
cp -r skillsAntigravity/skills/audit-skills ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

oaor75/skillsAntigravity

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT