speckit-analyze
Perform a non-destructive cross-artifact consistency and quality analysis across spec.md, plan.md, and tasks.md after task generation.
75
67%
Does it follow best practices?
Impact
90%
1.47xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./.claude/skills/speckit-analyze/SKILL.mdSecurity
1 medium severity finding. This skill can be installed but you should review these findings before use.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt requires the agent to execute a repository shell script and to run/emit arbitrary extension hook commands (including mandatory hooks) which may perform state-changing operations (potentially requiring sudo or modifying system files); despite a "STRICTLY READ-ONLY" claim, it does not explicitly forbid escalation or creating users, so the risk of compromising host state is moderate-high.
- Repository
- mixpanel/mixpanel-headless
- Commit
3ce3191
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.