// Audit AI Agent skills for security vulnerabilities including malicious code, remote execution, credential leaks, and supply chain risks. Use when reviewing third-party skills, investigating suspicious behavior, or performing security assessments.
Dispatch an independent challenger agent to adversarially review a spec or implementation plan against the actual codebase. Catches hallucinated APIs, wrong field names, nonexistent files, and incorrect assumptions. Two modes: (1) spec review — verifies DB model fields, API paths, config attributes, file paths referenced in a design spec, (2) plan review — verifies imports, function signatures, constructor args, file paths in an implementation plan. Use after brainstorming produces a spec, or after writing-plans produces a plan, before execution. Triggers: "review the spec", "review the plan", "challenge this", "check for hallucinations", "design review", "spec review", "plan review", "/design-review".
Graph-driven project understanding using code-review-graph (CRG). Query architecture, modules, callers/callees, impact radius, hotspots, execution flows, and search nodes. Use when: (1) brainstorming and need to understand project structure, (2) writing plans and need impact analysis, (3) user says "understand this project", "how does this module work", "impact analysis", "/explore", (4) reviewing code changes and need blast radius. Requires .code-review-graph/graph.db — run /graph build first if missing.
Manage code knowledge graphs via code-review-graph (CRG). Build, update, and check status of project code graphs stored in .code-review-graph/graph.db. Use when: (1) user says "build graph", "update graph", "graph status", "/graph", (2) Harness init detects CRG, (3) preparing to use /explore commands. Gracefully degrades if CRG is not installed.
SCA 漏洞 AI 降噪与风险优先级评估。对 Grype/Snyk/Xray 等 SCA 工具的漏洞发现进行多维度风险评估,按 P0-P3 分级,过滤噪音(DoS、本地提权、低影响信息泄露),聚焦真正可利用的高风险漏洞。当用户需要对 SCA 扫描结果降噪、漏洞优先级排序、或供应链风险评估时使用。
生成安全审计 skill。两种模式:(1) 项目模式——根据项目文档生成定制化审计 skill;(2) 通用模式——仅指定语言+框架,从参考资料库生成通用审计 skill。当用户想创建安全审计 skill、生成审计规则、或提到"生成安全审计skill"、"创建code review skill"、"生成 Java 审计 skill"时使用。
审计 Docker/容器部署安全。检测 Dockerfile、docker-compose.yml、Kubernetes manifests 中的安全问题:特权容器、root 运行、敏感挂载、资源无限制、密钥泄露、Base Image 不合规、网络暴露等。当审计容器配置、Docker 安全、K8s 部署安全、或检查基础设施安全时使用。支持 Dockerfile、docker-compose.yml、Kubernetes YAML、Helm charts。
| name | skills-audit |
| description | Audit AI Agent skills for security vulnerabilities including malicious code, remote execution, credential leaks, and supply chain risks. Use when reviewing third-party skills, investigating suspicious behavior, or performing security assessments. |
You are conducting a security audit of an AI Agent skill. This skill executes a comprehensive analysis to detect malicious code, security vulnerabilities, and suspicious patterns.
Audit the skill at path: $ARGUMENTS
Run static security scan Execute the Python audit tool for static analysis:
# Auto-detect skills-audit installation path
AUDIT_SCRIPT=""
for candidate in \
~/.claude/skills/skills-audit/skill_audit/cli_wrapper.py \
~/.claude/skills/skill-audit/skill_audit/cli_wrapper.py \
"${SKILL_AUDIT_HOME:-}""/skill_audit/cli_wrapper.py"; do
if [ -f "$candidate" ]; then
AUDIT_SCRIPT="$candidate"
break
fi
done
if [ -z "$AUDIT_SCRIPT" ]; then
echo "Error: Cannot find skills-audit installation"
echo "Set SKILL_AUDIT_HOME environment variable to your skills-audit directory"
exit 1
fi
python3 "$AUDIT_SCRIPT" "$ARGUMENTS"
This will:
Perform AI semantic analysis (if enabled)
If the scan mode includes AI analysis (standard/deep/expert), perform deep semantic security analysis:
a. Read the skill code files from the target path
b. Analyze for security vulnerabilities:
eval(), exec(), subprocess, curl | bashc. Assess each finding:
d. Filter false positives:
e. Output your analysis in this format:
AI SEMANTIC ANALYSIS FINDINGS:
1. [SEVERITY] Finding Title
- Location: file.py:line
- Pattern: describe what you found
- Risk: explain the security risk
- Scenario: how an attacker could exploit this
- Impact: potential damage
- Recommendation: how to fix
2. [SEVERITY] Finding Title
...
f. Integrate AI findings into the report (CRITICAL STEP)
After completing your AI analysis, integrate your findings into the audit report by running:
# Use the detected AUDIT_SCRIPT path from step 1
INTEGRATE_SCRIPT="$(dirname "$AUDIT_SCRIPT")/integrate_ai_findings.py"
python3 "$INTEGRATE_SCRIPT" \
"<report_path>" \
'<ai_findings_json>'
Where:
<report_path>: The path to the JSON report file (shown in step 1 output as "Detailed report saved to: ...")<ai_findings_json>: Your AI analysis findings formatted as JSON arrayJSON Format for ai_findings:
[
{
"title": "Base64-Obfuscated Remote Code Execution",
"severity": "CRITICAL",
"category": "unsafe_execution",
"description": "Base64-encoded command that downloads and executes arbitrary code",
"location": "skill.md:28",
"code_snippet": "echo 'L2Jpbi9iYXNoIC1jIC...' | base64 -D | bash",
"risk": "Remote code execution with complete system compromise",
"scenario": "User follows installation instructions, base64 decodes to malicious payload, executes with shell privileges",
"impact": {
"confidentiality": "CRITICAL",
"integrity": "CRITICAL",
"availability": "CRITICAL"
},
"impact_description": "Full system compromise, data theft, ransomware deployment",
"recommendation": "BLOCK this skill entirely. Never execute obfuscated commands.",
"cwe_ids": ["CWE-78", "CWE-94", "CWE-506"]
}
]
Important:
Send final webhook notification (optional, if notifications are configured) After completing comprehensive analysis (including false positive filtering), send the webhook:
# Auto-detect skills-audit path
AUDIT_DIR="$(dirname "$(dirname "$AUDIT_SCRIPT")")"
python3 -c "
import sys; sys.path.insert(0, '$AUDIT_DIR')
from skill_audit.integrations import send_final_webhook
send_final_webhook(report_path='<report_path>')
"
This ensures the webhook contains the final, accurate results after your analysis.
Present comprehensive results to user
If high-risk issues are found:
/skills-audit /path/to/skill (default) or /skills-audit /path/to/skill --mode deep/skills-audit /path/to/skill --mode fast/skills-audit /path/to/skill --mode standard/skills-audit /path/to/skill --mode expertThis audit detects:
curl | bash, eval(), exec()Edit config/config.yml (relative to skills-audit installation directory) to customize:
# Report save location
claude_code:
# Options: cwd (current directory), skill_dir (skill directory), temp (temp directory), custom
report_location: custom
custom_report_dir: ~/.claude/audit-reports
# Custom report naming
output:
report_filename: "audit-{skill_name}-{timestamp}.json"
scan_modes:
fast:
enable_ai_analysis: false
enable_static_analysis: true
enable_deep_analysis: false
enable_tip_check: false
standard:
enable_ai_analysis: true
enable_static_analysis: true
enable_deep_analysis: false
enable_tip_check: false
deep:
enable_ai_analysis: true
enable_static_analysis: true
enable_deep_analysis: true
enable_tip_check: true
--mode fast (static analysis only, 1-2 seconds)--mode flag to override scan mode (the --mode parameter is authoritative)config/config.yml relative to skills-audit installation directory