shanezhong/skill-auditor
skills/skill-auditor/SKILL.md
Pre-install security gate for Claude Code skills. Automatically intercepts `npx skills add` commands, fetches the skill files from GitHub, runs an LLM-based security audit (and optionally Aguara), and shows a risk report before allowing installation. Use this skill when users want to audit, vet, review, or scan skills for security before installing. Also triggers when users say "is this skill safe", "check this skill", "scan my installed skills", or "audit skills". Can also scan already-installed skills on demand.
$ install --global
skillsauthnpx skillsauth add shanezhong/skills skill-auditorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 2, 2026, 3:40 AM123.8s2 files scanned
SKILL.md
- name:
- skill-auditor
- description:
- Pre-install security gate for Claude Code skills. Automatically intercepts `npx skills add` commands, fetches the skill files from GitHub, runs an LLM-based security audit (and optionally Aguara), and shows a risk report before allowing installation. Use this skill when users want to audit, vet, review, or scan skills for security before installing. Also triggers when users say "is this skill safe", "check this skill", "scan my installed skills", or "audit skills". Can also scan already-installed skills on demand.
Skill Auditor
A pre-install security gate that catches what static scanners miss — by using an LLM to reason about skill intent, not just pattern-match.
How It Works
Automatic Mode (Pre-Install Hook)
When configured as a hook, skill-auditor intercepts every npx skills add command:
- Intercepts the install command before it runs
- Fetches the skill files from GitHub (no git clone — just the relevant files)
- Scans with Aguara if installed (optional, for static pattern matching)
- Audits with Claude API — the core value-add, reasoning about intent
- Reports findings with a risk level (LOW / MEDIUM / HIGH / CRITICAL)
- Blocks MEDIUM+ risk installs until the user explicitly retries
On retry within 5 minutes, the cached result is used and the install proceeds — this is the "soft warn" pattern. The user always sees the report before anything installs.
Manual Mode (On-Demand Scanning)
You can also scan skills that are already installed:
# Scan a single installed skill
/Users/shane/Documents/playground/.venv/bin/python3 ~/.claude/skills/skill-auditor/scripts/audit.py --scan-local ~/.agents/skills/nblm
# Scan ALL installed skills
/Users/shane/Documents/playground/.venv/bin/python3 ~/.claude/skills/skill-auditor/scripts/audit.py --scan-all
Setup
1. Configure the Hook
Add this to ~/.claude/settings.json:
{
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "/Users/shane/Documents/playground/.venv/bin/python3 /Users/shane/.claude/skills/skill-auditor/scripts/audit.py"
}
]
}
]
}
}
2. Set Your API Key
The script reads ANTHROPIC_API_KEY from the environment. Make sure it's set in your shell profile or .env.
3. Optional: Install Aguara
For additional static pattern scanning:
go install github.com/garagon/aguara/cmd/aguara@latest
Aguara is optional — the LLM audit runs regardless.
What It Detects (13 Categories)
Static Analysis Overlap (second opinion alongside Aguara)
- Prompt injection — hidden instructions, delimiter injection
- Data exfiltration — env vars, SSH keys, credentials being read/sent
- Filesystem abuse — writing to startup files, reading sensitive paths
- Obfuscation — base64, unicode tricks, zero-width characters
LLM-Unique (the real value-add)
- Intent & scope coherence — does actual behavior match the stated description?
- Agent social engineering — "user already approved", role-switching, urgency framing, output suppression
- Conditional / rug-pull logic — triggers based on date, environment, or user input
- Cross-file coordination — SKILL.md says "run setup.sh" but setup.sh does something different
Inspired by Community Vetters
- Dependency risks — typosquatted packages, unusual registries
- Permission combinations — network + shell = exfiltration risk
- Typosquat detection — skill name suspiciously similar to popular skills
- Metadata verification — anonymous author, vague description, missing version
- Version delta risk — diff against previous version if one exists locally
Configuration
Environment variables:
| Variable | Default | Description |
|----------|---------|-------------|
| ANTHROPIC_API_KEY | (required) | API key for Claude |
| SKILL_AUDITOR_MODEL | claude-sonnet-4-6-20250514 | Model for security analysis |
| SKILL_AUDITOR_CACHE_TTL | 300 | Seconds before cached result expires |
| SKILL_AUDITOR_SKIP_AGUARA | 0 | Set to 1 to skip Aguara even if installed |
Report Format
============================================================
SKILL SECURITY AUDIT: owner/repo@skill-name
============================================================
Aguara: 2 warnings (hardcoded path, curl|bash pattern)
LLM Review: MEDIUM risk
Findings:
[HIGH] scripts/install.sh writes to ~/.config without disclosure
[MEDIUM] SKILL.md requests broad filesystem access
[LOW] No credential exfiltration patterns detected
[INFO] Author has 126 GitHub stars, account age 3 years
Overall Risk: MEDIUM
Recommendation: Review findings before installing
To proceed, run the install command again within 5 minutes.
============================================================
Related Skills
shanezhong/template-skill
tools
VerifiedTrustedCommunity
Replace with description of the skill and when Claude should use it.
1SKILL.mdUpdated Jun 2, 2026
shanezhong/youtube-ai-interview-finder
documentation
VerifiedTrustedCommunity
Find one fresh YouTube AI interview/podcast video matching strict editorial criteria, intended as the source for a blog post (substack-writer Step 1). Use when the user says "find a YouTube video for today's blog", "find an AI interview video", "auto-pick a video for substack-writer", or runs the daily content cron. Filters by duration, upload month, dedup against previously used videos, then the agent picks one with reasoning.
1SKILL.mdUpdated Jun 2, 2026
shanezhong/xlsx
development
VerifiedTrustedCommunity
Use this skill any time a spreadsheet file is the primary input or output. This means any task where the user wants to: open, read, edit, or fix an existing .xlsx, .xlsm, .csv, or .tsv file (e.g., adding columns, computing formulas, formatting, charting, cleaning messy data); create a new spreadsheet from scratch or from other data sources; or convert between tabular file formats. Trigger especially when the user references a spreadsheet file by name or path — even casually (like "the xlsx in my downloads") — and wants something done to it or produced from it. Also trigger for cleaning or restructuring messy tabular data files (malformed rows, misplaced headers, junk data) into proper spreadsheets. The deliverable must be a spreadsheet file. Do NOT trigger when the primary deliverable is a Word document, HTML report, standalone Python script, database pipeline, or Google Sheets API integration, even if tabular data is involved.
1SKILL.mdUpdated Jun 2, 2026
shanezhong/webapp-testing
tools
VerifiedTrustedCommunity
Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.
1SKILL.mdUpdated Jun 2, 2026