Skill Security Analyzer
Analyze Claude skills for security risks, vulnerabilities, and safety concerns before deployment.
When to Use This Skill
Use this skill whenever security analysis of a Claude skill is requested, including:
- "Analyze the security of this skill"
- "What are the security risks in my [skill-name]?"
- "Review this skill for vulnerabilities"
- "Is this skill safe to deploy?"
- "Check this skill for security issues"
- "Audit this skill before I use it"
Analysis Process
Security analysis follows a systematic workflow:
- Extract skill contents - If provided as a .skill file, extract and examine all components
- Review skill metadata - Analyze name, description, and stated purpose
- Examine SKILL.md - Review instructions and identify potential risks
- Inspect bundled resources - Analyze scripts, references, and assets for security issues
- Cross-reference patterns - Check against known security patterns (see references/security_patterns.md)
- Generate findings - Compile severity-rated list of identified risks
- Create output - Provide executive summary, findings list, and security checklist
Output Format
Provide three components in this order:
1. Executive Summary (2-3 sentences)
Brief overall assessment with key takeaway. Examples:
- "This skill has CRITICAL security risks including undisclosed network access and potential data exfiltration. Do not deploy without major modifications."
- "This skill demonstrates good security practices with minor concerns around input validation. Generally safe for deployment with awareness of limitations."
2. Findings List
Severity-rated list of specific security issues found:
CRITICAL - Immediate security threat, do not deploy
- [Specific finding with evidence]
- [Specific finding with evidence]
HIGH - Significant risk, requires remediation
- [Specific finding with evidence]
MEDIUM - Moderate concern, should be addressed
- [Specific finding with evidence]
LOW - Minor issue or best practice deviation
- [Specific finding with evidence]
POSITIVE - Security best practices observed
- [Specific good practice found]
3. Security Checklist
Quick reference checklist of security categories:
[ ] Data Exfiltration Risks - [PASS/FAIL/CONCERN] - [brief note]
[ ] Network Access - [PASS/FAIL/CONCERN] - [brief note]
[ ] Prompt Injection Protection - [PASS/FAIL/CONCERN] - [brief note]
[ ] Permissions & Scope - [PASS/FAIL/CONCERN] - [brief note]
[ ] PII/Confidential Data - [PASS/FAIL/CONCERN] - [brief note]
[ ] Malicious Code Indicators - [PASS/FAIL/CONCERN] - [brief note]
[ ] Supply Chain Risks - [PASS/FAIL/CONCERN] - [brief note]
[ ] Credential Exposure - [PASS/FAIL/CONCERN] - [brief note]
[ ] Resource Abuse - [PASS/FAIL/CONCERN] - [brief note]
[ ] Transparency & Documentation - [PASS/FAIL/CONCERN] - [brief note]
Analyzing Skill Components
Skill Metadata Analysis
Check frontmatter and description for:
- Scope clarity: Does description match actual functionality?
- Tool disclosure: Are all used tools mentioned?
- External service disclosure: Are API calls or network access mentioned?
- Data handling statements: Is data processing clearly explained?
Red flags:
- Vague descriptions that don't explain what the skill does
- Description doesn't mention tools used in code
- Missing disclosure of network access or external services
SKILL.md Analysis
Read the entire SKILL.md and check for:
- Instruction clarity: Are instructions clear and unambiguous?
- Input handling: How does skill handle user input?
- Tool usage justification: Is tool usage appropriate for stated purpose?
- Prompt construction: Are there prompt injection risks?
- Scope boundaries: Does skill stay within stated purpose?
Specific checks:
- Search for dynamic prompt construction patterns
- Check for file access instructions without validation
- Look for network requests not in description
- Identify any instruction override patterns
- Review error handling and data exposure
Scripts Analysis
For each script in scripts/:
- Read the script using the view tool
- Check imports against security patterns reference
- Scan for dangerous operations: file deletion, system commands, network requests
- Look for obfuscation: base64, exec, eval, encoded strings
- Validate paths: check file access uses safe paths
- Review subprocess usage: check for shell=True or user input in commands
Priority patterns to detect:
exec(), eval(), __import__()subprocess.run(..., shell=True)requests.post(), urllib.request, fetch()os.system(), os.popen()base64.b64decode() followed by execution- File operations on sensitive paths
- Hardcoded credentials or API keys
References Analysis
Check reference files for:
- Sensitive data: API keys, credentials, internal schemas
- External resources: Links to external sites or services
- Data handling instructions: How data should be processed
- Compliance requirements: Any regulatory considerations
Assets Analysis
Examine assets for:
- Executable content: Scripts disguised as assets
- External resources: Templates that load remote content
- Embedded credentials: Config files with secrets
- Unexpected file types: Files that don't match skill purpose
Using the Security Patterns Reference
IMPORTANT: Read references/security_patterns.md at the start of every security analysis to load the comprehensive catalog of security patterns, anti-patterns, and risk indicators.
The reference provides:
- Detailed examples of risky vs. safe implementations
- Specific patterns to search for in code
- Risk categorization and severity guidelines
- Context-specific considerations
Use the reference to:
- Guide what to look for during analysis
- Determine severity ratings for findings
- Provide accurate examples in findings
- Ensure comprehensive coverage of risk categories
Handling .skill Files
If provided a .skill file:
- Extract contents: .skill files are zip files with .skill extension
unzip skillname.skill -d /home/claude/skill-analysis/
Verify structure: Check for SKILL.md and proper directory organization
Analyze extracted contents: Follow normal analysis process
Edge Cases
Skills Without Code
For skills with only SKILL.md (no scripts/assets):
- Focus on instruction analysis
- Check for prompt injection risks in instructions
- Verify tool usage is appropriate
- Assess scope and transparency
Third-Party Skills
For skills from unknown sources:
- Apply heightened scrutiny
- Mark provenance as a risk factor
- Look extra carefully for obfuscation
- Check for unexpected functionality
- Recommend code review before deployment
Skills Requesting Unusual Permissions
For skills asking for extensive tool access:
- Verify each tool is justified in description
- Check if tool usage aligns with stated purpose
- Look for scope creep in implementation
- Consider principle of least privilege
Important Principles
Be Evidence-Based
- Always cite specific code or instructions when identifying risks
- Provide line numbers or code snippets for findings
- Don't make assumptions - base findings on actual content
Severity Calibration
- CRITICAL: Immediate security threat (data theft, system compromise, credential exposure)
- HIGH: Significant risk requiring remediation (unsafe file access, undisclosed network calls)
- MEDIUM: Moderate concern (missing input validation, unclear scope)
- LOW: Best practice deviation (no security impact but suboptimal)
Context Matters
- Consider the skill's stated purpose
- Distinguish between necessary functionality and overreach
- Account for legitimate use cases vs. security theater
Actionable Findings
- Provide specific remediation guidance when possible
- Suggest safer alternatives for risky patterns
- Prioritize findings by risk and effort to fix
Example Analysis Workflow
User: "Analyze the security of this skill" [attaches my-skill.skill]
1. Extract the .skill file
2. Read references/security_patterns.md
3. Review SKILL.md frontmatter and description
4. Analyze SKILL.md instructions
5. Examine each script in scripts/
6. Check references/ for sensitive data
7. Review assets/ for unexpected content
8. Compile findings with severity ratings
9. Generate executive summary
10. Create security checklist
11. Provide formatted output
