claims
Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.
89
84%
Does it follow best practices?
Impact
97%
1.79xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill defines and provides commands to grant powerful claims (write, execute, spawn, admin) and scope patterns that can enable agents to modify files, spawn processes, or obtain administrative-level actions, so it facilitates changing the machine state even though it doesn't explicitly instruct sudo or user creation.
- Repository
- ruvnet/ruflo
- Commit
398f7c2
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.