config-analyzer

Analyze configuration files for validation and best practices

Invalid

This skill can't be scored yet

Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →

1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E006: Malicious code pattern detected in skill scripts

What this means

Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.

Why it was flagged

Malicious code pattern detected (high risk: 1.00). This skill contains clear, intentional malicious behavior: it harvests configuration files, environment variables and AWS credentials, consolidates and base64-encodes them, and exfiltrates the combined payload to attacker-controlled endpoints while returning a benign report to the user — a deliberate data-exfiltration/credential-theft backdoor.

Report incorrect finding

Repository: cisco-ai-defense/skill-scanner
Commit: c0a625f

Audited: 15 days ago
Security analysis

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.