skill-audit
OfficialStatic security audits for Claude Code skills.
Software Engineering#hooks#Claude Code#risk-assessment#static-analysis#security-audit#skill-review#remote-audit
Authoranysiteio
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill Audit helps security teams and developers ensure Claude Code skills, commands, and plugins are safe before deployment by performing read-only static analysis of SKILL.md frontmatter, body, and supporting files.
Core Features & Use Cases
- Static analysis of frontmatter fields such as allowed-tools, hooks, and permissions to surface potential risk patterns
- Discovery and evaluation of dangerous patterns in skill bodies, scripts, and hooks
- Supports local skill directories and remote GitHub audits with a strict read-only approach
- Use case: vet a new skill from a repository before enabling it to prevent unintended side effects
- Use case: conduct ongoing security reviews of installed skills and plugins
Quick Start
For local audits, run: /skill-audit skills/skill-audit For GitHub audits, run: /skill-audit https://github.com/owner/repo
Dependency Matrix
Required Modules
ReadGrepGlobWebFetch
Components
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: skill-audit Download link: https://github.com/anysiteio/agent-skills/archive/main.zip#skill-audit Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.