mtthwmllr/skill-safety-auditor
Audits a Claude Code skill for security risks in three modes: before download (from a URL or install command), after download but before install (from a .skill file), or after install (from a local skills directory). Use this skill whenever a user is about to install a skill from any source — including GitHub URLs, git clone commands, npx/npm commands, curl/wget downloads, pip installs, marketplace links, or raw SKILL.md URLs. Also trigger when a user asks "is this skill safe?", "should I trust this skill?", "can you check this before I install it?", "audit this skill", or pastes any link to a skill repository or .skill file. If a user mentions installing ANY skill, proactively offer to audit it first — do not wait for them to ask.
97
1.28x
Quality
97%
Does it follow best practices?
Impact
99%
1.28xAverage score across 5 eval scenarios
Securityby
Advisory
Suggest reviewing before use
privacy.html
<!DOCTYPE html>
<html lang="en">
<head>
<!-- Google Analytics — loads only after cookie consent -->
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
function loadGA() {
if (window._gaLoaded) return;
window._gaLoaded = true;
var s = document.createElement('script');
s.async = true;
s.src = 'https://www.googletagmanager.com/gtag/js?id=G-0RPLW5GHBM';
document.head.appendChild(s);
gtag('js', new Date());
gtag('config', 'G-0RPLW5GHBM', { 'anonymize_ip': true });
}
if (localStorage.getItem('cookie_consent') === 'accepted') {
loadGA();
}
</script>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Policy — Skill Safety Auditor</title>
<meta name="description" content="Privacy policy for skill-safety-auditor.vercel.app. Short, plain English, no fine print.">
<link rel="canonical" href="https://skill-safety-auditor.vercel.app/privacy">
<link rel="icon" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🛡️</text></svg>">
<link rel="apple-touch-icon" href="https://skill-safety-auditor.vercel.app/author.jpg">
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@graph": [
{
"@type": "WebPage",
"name": "Privacy Policy — Skill Safety Auditor",
"url": "https://skill-safety-auditor.vercel.app/privacy",
"description": "Privacy policy for skill-safety-auditor.vercel.app. Short, plain English, no fine print.",
"dateModified": "2026-04-15",
"isPartOf": { "@type": "WebSite", "url": "https://skill-safety-auditor.vercel.app/" }
},
{
"@type": "BreadcrumbList",
"itemListElement": [
{ "@type": "ListItem", "position": 1, "name": "Home", "item": "https://skill-safety-auditor.vercel.app/" },
{ "@type": "ListItem", "position": 2, "name": "Privacy Policy", "item": "https://skill-safety-auditor.vercel.app/privacy" }
]
}
]
}
</script>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Instrument+Serif:ital@0;1&family=Onest:wght@300;400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
<style>
:root {
--bg: #F8FAF7;
--bg-surface: #EFF3EC;
--bg-card: #FFFFFF;
--border: #D4DDD1;
--border-strong: #B5C4B0;
--text: #1A1916;
--text-secondary:#3D3A34;
--text-muted: #6B6760;
--text-dim: #605D58;
--hero-bg: #1E2D1F;
--hero-text: #EFF5EE;
--hero-muted: #87A882;
--accent: #3A7A54;
--accent-hover: #2D6042;
--accent-light: #E4F0E8;
--accent-mid: #6AAF88;
--serif: 'Instrument Serif', Georgia, serif;
--sans: 'Onest', -apple-system, BlinkMacSystemFont, sans-serif;
--mono: 'JetBrains Mono', 'SF Mono', 'Fira Code', monospace;
--radius: 8px;
--radius-lg: 12px;
--shadow-sm: 0 1px 3px rgba(26,25,22,.08), 0 1px 2px rgba(26,25,22,.05);
}
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
html { font-size: 18px; scroll-behavior: smooth; }
body {
background: var(--bg);
color: var(--text);
font-family: var(--sans);
line-height: 1.65;
-webkit-font-smoothing: antialiased;
}
/* ── Nav ─────────────────────────────────── */
.site-nav {
position: fixed;
top: 0; left: 0; right: 0;
z-index: 100;
height: 56px;
display: flex;
align-items: center;
background: rgba(30,45,31,.92);
backdrop-filter: blur(12px);
-webkit-backdrop-filter: blur(12px);
border-bottom: 1px solid rgba(255,255,255,.07);
}
.nav-inner {
max-width: 1100px;
margin: 0 auto;
padding: 0 24px;
width: 100%;
display: flex;
justify-content: space-between;
align-items: center;
}
.nav-brand {
font-weight: 600;
font-size: 0.88rem;
color: #EFF5EE;
text-decoration: none;
display: flex;
align-items: center;
gap: 8px;
letter-spacing: -0.01em;
white-space: nowrap;
}
.nav-brand:hover { color: var(--accent-mid); text-decoration: none; }
.nav-brand-icon {
width: 26px; height: 26px;
background: var(--accent);
border-radius: 6px;
display: flex; align-items: center; justify-content: center;
font-size: 13px; flex-shrink: 0;
}
.nav-back {
font-size: 0.82rem;
color: #87A882;
text-decoration: none;
font-weight: 500;
transition: color .15s;
}
.nav-back:hover { color: #F1F5F9; }
/* ── Layout ──────────────────────────────── */
.page-wrap {
max-width: 680px;
margin: 0 auto;
padding: 96px 24px 80px;
}
/* ── Typography ──────────────────────────── */
h1 {
font-family: var(--serif);
font-size: clamp(2rem, 4vw, 2.8rem);
font-weight: 400;
line-height: 1.2;
letter-spacing: -.01em;
color: var(--text);
margin-bottom: 8px;
}
.page-meta {
font-size: 0.8rem;
color: var(--text-muted);
margin-bottom: 48px;
}
h2 {
font-size: 1.05rem;
font-weight: 600;
color: var(--text);
letter-spacing: -.02em;
margin: 40px 0 10px;
}
p {
color: var(--text-secondary);
margin-bottom: 14px;
font-size: 0.95rem;
}
p:last-child { margin-bottom: 0; }
strong { color: var(--text); font-weight: 600; }
a { color: var(--accent); text-decoration: none; transition: color .15s; }
a:hover { color: var(--accent-hover); text-decoration: underline; }
ul {
list-style: none;
margin: 0 0 14px;
padding: 0;
display: flex;
flex-direction: column;
gap: 6px;
}
ul li {
font-size: 0.95rem;
color: var(--text-secondary);
padding-left: 18px;
position: relative;
}
ul li::before {
content: '–';
position: absolute;
left: 0;
color: var(--text-muted);
}
.divider {
height: 1px;
background: var(--border);
margin: 40px 0;
}
/* ── Footer ──────────────────────────────── */
footer {
padding: 36px 0;
border-top: 1px solid var(--border);
background: var(--bg-surface);
}
.footer-inner {
max-width: 1100px;
margin: 0 auto;
padding: 0 24px;
display: flex;
justify-content: space-between;
align-items: center;
flex-wrap: wrap;
gap: 12px;
}
.footer-links { display: flex; gap: 20px; flex-wrap: wrap; }
.footer-links a { font-size: 0.82rem; color: var(--text-muted); }
.footer-links a:hover { color: var(--text); }
/* ── Skip / a11y ─────────────────────────── */
.skip-link {
position: absolute;
top: -100%; left: 24px;
padding: 8px 16px;
background: var(--accent);
color: #fff;
font-size: 0.85rem;
font-weight: 600;
border-radius: 0 0 var(--radius) var(--radius);
text-decoration: none;
z-index: 1000;
transition: top .1s;
}
.skip-link:focus { top: 0; }
:focus-visible {
outline: 3px solid var(--accent);
outline-offset: 3px;
border-radius: 3px;
}
.sr-only {
position: absolute;
width: 1px; height: 1px;
padding: 0; margin: -1px;
overflow: hidden;
clip: rect(0,0,0,0);
white-space: nowrap;
border: 0;
}
@media (prefers-reduced-motion: reduce) {
*, *::before, *::after {
animation-duration: .01ms !important;
transition-duration: .01ms !important;
}
}
/* ── Cookie consent ──────────────────────── */
#cookie-banner {
position: fixed;
bottom: 0; left: 0; right: 0;
z-index: 500;
background: #1A2A1B;
border-top: 1px solid rgba(255,255,255,.10);
padding: 16px 24px;
display: flex;
align-items: center;
gap: 16px;
flex-wrap: wrap;
font-size: 0.82rem;
color: #87A882;
}
#cookie-banner p { margin: 0; flex: 1; min-width: 200px; color: #87A882; }
#cookie-banner a { color: #6AAF88; }
.cookie-actions { display: flex; gap: 8px; flex-shrink: 0; }
.cookie-btn {
padding: 7px 16px;
border-radius: 8px;
font-family: var(--sans);
font-size: 0.8rem;
font-weight: 600;
cursor: pointer;
border: none;
transition: all .15s;
}
.cookie-btn-accept { background: #3A7A54; color: #fff; }
.cookie-btn-accept:hover { background: #2D6042; }
.cookie-btn-decline { background: transparent; color: #87A882; border: 1px solid rgba(255,255,255,.15); }
.cookie-btn-decline:hover { background: rgba(255,255,255,.07); color: #EFF5EE; }
</style>
</head>
<body>
<a href="#main-content" class="skip-link">Skip to main content</a>
<nav class="site-nav" aria-label="Site navigation">
<div class="nav-inner">
<a href="/" class="nav-brand">
<span class="nav-brand-icon" aria-hidden="true">🛡️</span>
Skill Safety Auditor
</a>
<a href="/" class="nav-back">← Back to home</a>
</div>
</nav>
<main id="main-content">
<div class="page-wrap">
<h1>Privacy Policy</h1>
<p class="page-meta">skill-safety-auditor.vercel.app · Last updated: April 15, 2026</p>
<p>This is a landing page for a free, open-source Claude Code skill. No accounts. No logins. Nothing you type here goes anywhere.</p>
<div class="divider"></div>
<h2>What data is collected</h2>
<p><strong>Google Analytics</strong> collects basic usage data when you visit: pages viewed, time on page, general location (country/region), browser, and device type. This is anonymous aggregate data — it tells me "100 people visited from Canada," not who visited or when. Google sets cookies to track sessions. You can opt out at <a href="https://tools.google.com/dlpage/gaoptout" target="_blank" rel="noopener noreferrer">tools.google.com/dlpage/gaoptout<span class="sr-only"> (opens in new tab)</span></a>.</p>
<p><strong>Vercel</strong> hosts this site and automatically logs standard server data: IP addresses, request timestamps, and page paths. This is used for uptime and error monitoring. See <a href="https://vercel.com/legal/privacy-policy" target="_blank" rel="noopener noreferrer">vercel.com/legal/privacy-policy<span class="sr-only"> (opens in new tab)</span></a>.</p>
<p><strong>GitHub</strong> serves the skill download file and source code. Clicking a GitHub link takes you to GitHub, where their privacy policy applies. See <a href="https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement" target="_blank" rel="noopener noreferrer">GitHub's privacy statement<span class="sr-only"> (opens in new tab)</span></a>.</p>
<div class="divider"></div>
<h2>What is not collected</h2>
<ul>
<li>No email addresses</li>
<li>No names or personal details</li>
<li>No form submissions</li>
<li>No data from Claude or your audit results — the skill runs entirely inside your Claude Code session on your own machine</li>
</ul>
<div class="divider"></div>
<h2>Cookies</h2>
<p>Google Analytics sets cookies to track sessions and page views. No other cookies are used on this site.</p>
<div class="divider"></div>
<h2>Contact</h2>
<p>Questions? Open an issue on <a href="https://github.com/mtthwmllr/skill-safety-auditor" target="_blank" rel="noopener noreferrer">GitHub<span class="sr-only"> (opens in new tab)</span></a> or reach out on <a href="https://www.linkedin.com/in/mtthwmllr/" target="_blank" rel="noopener noreferrer">LinkedIn<span class="sr-only"> (opens in new tab)</span></a>.</p>
</div>
</main>
<footer>
<div class="footer-inner">
<div class="footer-links">
<a href="https://github.com/mtthwmllr/skill-safety-auditor" target="_blank" rel="noopener noreferrer">Skill Source on GitHub<span class="sr-only"> (opens in new tab)</span></a>
<a href="https://github.com/mtthwmllr/skill-safety-auditor-plugin" target="_blank" rel="noopener noreferrer">Plugin Source on GitHub<span class="sr-only"> (opens in new tab)</span></a>
<a href="/privacy">Privacy Policy</a>
</div>
<a href="https://www.w3.org/WAI/WCAG2AA-Conformance" title="Explanation of WCAG 2 Level AA conformance" target="_blank" rel="noopener noreferrer">
<img height="31" width="88" src="https://www.w3.org/WAI/WCAG21/wcag2.1AA-blue-v.png" alt="Level AA conformance, W3C Web Content Accessibility Guidelines 2.1"><span class="sr-only"> (opens in new tab)</span>
</a>
</div>
</footer>
<!-- ── Cookie consent banner ───────────────────── -->
<div id="cookie-banner" role="region" aria-label="Cookie consent" style="display:none">
<p>This site uses cookies to collect anonymous usage data. You're already on the privacy policy page.</p>
<div class="cookie-actions">
<button class="cookie-btn cookie-btn-decline" onclick="cookieConsent(false)">Decline</button>
<button class="cookie-btn cookie-btn-accept" onclick="cookieConsent(true)">Accept</button>
</div>
</div>
<script>
(function() {
var consent = localStorage.getItem('cookie_consent');
if (!consent) {
document.getElementById('cookie-banner').style.display = 'flex';
}
})();
function cookieConsent(accepted) {
localStorage.setItem('cookie_consent', accepted ? 'accepted' : 'declined');
document.getElementById('cookie-banner').style.display = 'none';
if (accepted) loadGA();
}
</script>
</body>
</html>audit-sample
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5