sysadmin-toolbox
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge
81
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/sysadmin-toolbox/SKILL.mdSecurity
3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 1.00). The skill content includes explicit backdoor/reverse-shell examples (nc -e, mkfifo-based shells), instructions to hide activity (history sterilization, PROMPT_COMMAND), tools and links for credential harvesting and secret discovery (mimikatz, shhgit, PHP-backdoors), network tunneling/exfiltration patterns (nc/socat/ssh port forwards, proxy scripts), DDoS/flood examples (hping3 --flood, mass scanners), anonymization utilities (Tor scripts), and an automated upstream refresh that pulls and writes external content without verification — together these are clear patterns that enable deliberate malicious activity and supply-chain abuse.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly says it auto-refreshes references weekly from the upstream public GitHub repo (github.com/trimstray/the-book-of-secret-knowledge) and its workflow ("When to Auto-Consult" / Example Queries → Actions) requires loading and using those external reference files (e.g., shell-oneliners.md, cli-tools.md) at runtime, so the agent ingests open/public third-party content that can directly influence recommendations and next actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill states it auto-refreshes its references from the upstream repo at https://github.com/trimstray/the-book-of-secret-knowledge (via a refresh.sh invoked at runtime), meaning remote Markdown content is fetched and used to drive the skill's recommendations and thus directly influences agent prompts—constituting a runtime external dependency that can control instructions.
- Repository
- jdrhyne/agent-skills
- Commit
6768672
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.