skill-guard
skill-safeguard · v · by
62.3
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 60.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 60.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 56)
- Downloading + executing: `curl | sh`, `curl | bash`, `wget && chmod +x`, `pip install` from URL
[CRITICAL] Environment variable exfiltration to remote server
(line 42)
- Environment variable access for secrets: `os.environ`, `process.env`, `$API_KEY`, `$TOKEN`, `$PASSWORD`, `$SECRET`
[HIGH] Prompt injection or system override attempt
(line 29)
- Text overriding prior instructions: `ignore previous instructions`, `ignore all prior`, `you are now`, `new system pro
[HIGH] Shell command execution
(line 54)
- Dynamic execution: `eval(`, `exec(`, `compile(`, `Function(`, `setTimeout(` with string arg
[HIGH] Shell command execution
(line 55)
- Shell injection: `subprocess.call(shell=True)`, `os.system(`, `os.popen(`, backtick execution
[CRITICAL] Remote script download piped to shell execution
(line 56)
- Downloading + executing: `curl | sh`, `curl | bash`, `wget && chmod +x`, `pip install` from URL
[MEDIUM] Cron job installation or modification
(line 49)
- Writing to startup files or cron: `.bashrc`, `.zshrc`, `.profile`, `crontab`, `launchd`, `~/.config/autostart`
[MEDIUM] Discord webhook URL (common exfiltration channel)
(line 37)
- Webhook URLs: `hooks.slack.com`, `discord.com/api/webhooks`, `*.ngrok.io`, `*.requestbin.com`
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 60
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 29)
- Text overriding prior instructions: `ignore previous instructions`, `ignore all prior`, `you are now`, `new system pro
CLICKFIX — Score: 65
[CRITICAL] Instructs user to disable security features
(line 70)
- Instructions to disable security checks or skip validation
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 60
[CRITICAL] macOS Keychain credential access
(line 43)
- Keychain/credential store access: `security find-generic-password`, `keyring`, `keyctl`
TYPOSQUAT — Score: 100
No findings.