mtthwmllr/skill-safety-auditor

Audits a Claude Code skill for security risks in three modes: before download (from a URL or install command), after download but before install (from a .skill file), or after install (from a local skills directory). Use this skill whenever a user is about to install a skill from any source — including GitHub URLs, git clone commands, npx/npm commands, curl/wget downloads, pip installs, marketplace links, or raw SKILL.md URLs. Also trigger when a user asks "is this skill safe?", "should I trust this skill?", "can you check this before I install it?", "audit this skill", or pastes any link to a skill repository or .skill file. If a user mentions installing ANY skill, proactively offer to audit it first — do not wait for them to ask.

Score: 97 (1.28x)
Quality: 97% (does it follow best practices?)
Impact: 99% (1.28x), average score across 5 eval scenarios
Security by Snyk: Advisory, suggest reviewing before use

evals/scenario-3/criteria.json

{
  "context": "Tests whether the agent correctly identifies WARNING-level findings in a Mode 2 (downloaded, not installed) audit: Bash access (A1), overly broad tool list (A4), script with file access outside working directory (B5), and outbound network calls (B2 standalone). Verdict should be PROCEED WITH CAUTION. Mode 2 transparency notice should appear.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "PROCEED WITH CAUTION verdict",
      "description": "The report states a PROCEED WITH CAUTION verdict (or equivalent — warnings found, no criticals)",
      "max_score": 10
    },
    {
      "name": "Mode 2 transparency notice",
      "description": "The report contains a transparency notice matching Mode 2: states the .skill file or extracted file was read, treated as data only, and advises verifying the file source is trusted",
      "max_score": 10
    },
    {
      "name": "A1 Bash access flagged",
      "description": "The report flags Bash in the allowed-tools list as a warning (A1 or equivalent)",
      "max_score": 10
    },
    {
      "name": "A4 broad tool list flagged",
      "description": "The report flags the broad tool list (Read Write Bash WebFetch Glob Edit = 6 tools) as a warning (A4 or equivalent)",
      "max_score": 10
    },
    {
      "name": "B5 out-of-directory access flagged",
      "description": "The report flags file access outside the working directory, specifically the script's reference to ~/.config/report-tool/config.json",
      "max_score": 12
    },
    {
      "name": "Script reviewed",
      "description": "The report explicitly states that scripts/format_report.sh was read and reviewed",
      "max_score": 8
    },
    {
      "name": "Remediation steps included",
      "description": "The report includes at least one concrete remediation step for at least one warning (not just identifying the issue)",
      "max_score": 10
    },
    {
      "name": "Plain-language framing",
      "description": "The report uses plain-language explanations appropriate for a non-technical reader (the product manager), not just technical check codes",
      "max_score": 10
    },
    {
      "name": "What Was Reviewed section",
      "description": "The report lists both SKILL.md and the script (format_report.sh) in the reviewed section",
      "max_score": 10
    },
    {
      "name": "Static audit reminder",
      "description": "The report includes the standard reminder that a clean or cautionary audit is not a guarantee of safety",
      "max_score": 10
    }
  ]
}

Files: CHANGELOG.md, index.html, package-lock.json, package.json, privacy.html, README.md, robots.txt, SKILL.md, tessl.json, tile.json, vercel.json