Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

ranbot-ai/audit-skills

Name: audit-skills
Author: ranbot-ai

skills/audit-skills/SKILL.md

npx skillsauth add ranbot-ai/awesome-skills audit-skills

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Audit Skills (Premium Universal Security)

Overview

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Remote script piping: network fetch commands that stream directly into a shell or PowerShell evaluator.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution:

ranbot-ai/audit-skills

skills/audit-skills/SKILL.md

4 stars

testing

Updated May 25, 2026

$ install --global

skillsauth

npx skillsauth add ranbot-ai/awesome-skills audit-skills

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 25, 2026, 4:42 AM143.1s1 file scanned

SKILL.md

name:: audit-skills
description:: Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, ma
category:: AI & Agents
source:: antigravity
tags:: [markdown, api, claude, ai, gpt, design, security, cro]
url:: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/audit-skills

Audit Skills (Premium Universal Security)

Overview

When to Use This Skill

Use when you need to audit AI skills and bundles for security vulnerabilities
Use when working with cross-platform security analysis
Use when the user asks about verifying skill legitimacy or performing security reviews
Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

Windows: msiexec /qn, choco uninstall, reg delete.
Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
macOS: brew uninstall, deleting from /Applications.
Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

Windows: Stop-Service, taskkill /f, sc.exe delete.
Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

Encoding: Base64, Hex, XOR loops, atob().
Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
Remote script piping: network fetch commands that stream directly into a shell or PowerShell evaluator.

9. Legitimacy & Scope (Universal)

Registry Alignment: Cross-reference with CATALOG.md.
Structural Integrity: Does it follow the standard repo layout?
Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

✅ Perform non-intrusive analysis
✅ Check for privilege escalation patterns
✅ Look for information disclosure vulnerabilities
✅ Analyze cross-platform threats
❌ Don't execute potentially malicious code during audit
❌ Don't modify the code being audited
❌ Don't ignore mobile-specific security concerns

Common Pitfalls

Problem: Executing code during audit Solution:

Related Skills

ranbot-ai/nextjs-seo-indexing

testing

VerifiedTrustedCommunity

Fix SEO indexing issues, crawl budget problems, and Search Console coverage errors for Next.js apps. Covers canonical tags, noindex audits, sitemap health, static rendering, and internal linking.

5SKILL.mdUpdated Jun 2, 2026

ranbot-ai/nextjs-seo-indexing

ranbot-ai/moatmri

data-ai

VerifiedTrustedCommunity

Analyze AI disruption pressure across a business, map competitive exposure, and produce a 90-day defensive action plan.

5SKILL.mdUpdated Jun 2, 2026

ranbot-ai/skills/longbridge

tools

VerifiedTrustedCommunity

--- name: longbridge description: 125+ agent skills for Longbridge Securities — real-time quotes, charts, fundamentals, portfolio analysis, options, and more for HK/US/A-share/SG markets. Trilingual: Simplified Chinese, Traditional category: AI & Agents source: antigravity tags: [api, mcp, claude, ai, agent, security, cro] url: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/longbridge --- # Longbridge ## Overview Longbridge is the official skill collection for Longbr

5SKILL.mdUpdated Jun 2, 2026

ranbot-ai/skills/longbridge

ranbot-ai/github-actions-advanced

tools

VerifiedTrustedCommunity

Design, debug, and harden GitHub Actions CI/CD workflows, including reusable workflows, matrix builds, self-hosted runners, OIDC authentication, caching, environments, secrets, and release automation.

5SKILL.mdUpdated Jun 2, 2026

ranbot-ai/github-actions-advanced

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/ranbot-ai/awesome-skills.git

# Copy into Claude Code skills folder (global)
cp -r awesome-skills/skills/audit-skills ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

ranbot-ai/awesome-skills

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT