
skill-supply-chain-check · listed

Use this before running a third-party or unfamiliar skill — to scan its executable scripts for supply-chain risk (shelling out, outbound network, installs, embedded secrets, dynamic exec) and get a severity-ranked report. Triggers on "is this skill safe", "audit this skill", "supply chain", "vet the skill", "before I install".
Luis247911/universal-ai-workspace-foundation · ★ 0 · AI & Automation · score 78
Install: claude install-skill Luis247911/universal-ai-workspace-foundation
# skill-supply-chain-check

Vets a skill's **executable scripts** before you trust them. A skill is mostly instructions, but when it ships code, that code is the attack surface: it could shell out, fetch a remote payload, install packages, or leak a secret. This scans the scripts (not the prose) and reports findings by severity, exiting non-zero on anything `high`.

## When to use

- Before running a skill you did not write (downloaded, shared, generated).
- In CI, as a gate over `.claude/skills/` so a risky script cannot land unreviewed.
- After editing a skill's scripts, to confirm you did not introduce a risky pattern.

## Run it

```
python -m harness.skills audit .claude/skills              # audit every skill
python -m harness.skills audit .claude/skills/some-skill   # audit one
python .claude/skills/skill-supply-chain-check/scripts/run.py audit .claude/skills
```

## What it flags

**high** (blocks): `os.system`, `subprocess(shell=True)`, `eval`/`exec`, dynamic `__import__`, `pickle.load`, outbound HTTP (`requests`/`urllib`), raw sockets, package-install commands, download commands (`curl`/`wget`/`git clone`), AWS keys, embedded private keys, hardcoded secrets.

**med** (review): hardcoded URLs, `base64` use, environment-variable reads.

## Scope and limits

- Scans executable files only (`.py`, `.sh`, `.ps1`, `.js`). **SKILL.md prose is not scanned** — documentation may legitimately discuss risky patterns (this skill does), and prose is a hu
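The following is an added illustration of the kind of check described above, not the project's own `harness.skills` code: a minimal line-based scanner that mirrors the README's two severity tiers and pattern categories, restricts itself to the same executable suffixes, and returns a non-zero exit code when anything `high` is found. The regexes, the `scan_text`/`scan_dir`/`exit_code`/`report` names and the two sample scripts are all assumptions constructed for this example.

```python
"""Minimal line-based scanner for skill scripts.

Illustration only: mirrors the severity tiers and categories listed in the
skill-supply-chain-check README; it is NOT the project's harness.skills code.
All regexes, function names and sample scripts here are constructed assumptions.
"""
import re
import sys
from pathlib import Path

# Same file types the README says are scanned; SKILL.md prose is skipped.
EXEC_SUFFIXES = {".py", ".sh", ".ps1", ".js"}

# (severity, rule name, regex). Constructed to cover the README's categories.
RULES = [
    ("high", "os.system", re.compile(r"\bos\.system\s*\(")),
    ("high", "subprocess shell=True", re.compile(r"\bsubprocess\.\w+\([^)]*shell\s*=\s*True")),
    ("high", "eval/exec", re.compile(r"\b(eval|exec)\s*\(")),
    ("high", "dynamic __import__", re.compile(r"\b__import__\s*\(")),
    ("high", "pickle.load", re.compile(r"\bpickle\.loads?\s*\(")),
    ("high", "outbound HTTP",
     re.compile(r"\b(requests\.(get|post|put|delete|request)|urllib\.request\.urlopen)\s*\(")),
    ("high", "raw socket", re.compile(r"\bsocket\.socket\s*\(")),
    ("high", "package install", re.compile(r"\b(pip3?|npm|apt(-get)?|brew)\s+install\b")),
    ("high", "download command", re.compile(r"\b(curl|wget|git\s+clone)\b")),
    ("high", "AWS access key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("high", "private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("high", "hardcoded secret",
     re.compile(r"""(?i)\b(api[_-]?key|secret|token|password)\s*[:=]\s*['"][^'"]{8,}['"]""")),
    ("med", "hardcoded URL", re.compile(r"""https?://[^\s'"]+""")),
    ("med", "base64 use", re.compile(r"\bbase64\.\w+\s*\(|\bbase64\s+(-d|--decode)\b")),
    ("med", "env read", re.compile(r"\bos\.(environ|getenv)\b|\$\{?[A-Z_][A-Z0-9_]{2,}\}?")),
]


def scan_text(text, path="<inline>"):
    """Return one finding dict per (line, rule) match in a script body."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for severity, rule, rx in RULES:
            if rx.search(line):
                findings.append({"severity": severity, "rule": rule,
                                 "file": path, "line": lineno, "text": line.strip()})
    return findings


def scan_dir(root):
    """Walk a skills tree and scan only executable-script suffixes."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix in EXEC_SUFFIXES:
            findings.extend(scan_text(p.read_text(errors="replace"), str(p)))
    return findings


def exit_code(findings):
    """Non-zero when any finding is 'high', so a CI gate can block on it."""
    return 1 if any(f["severity"] == "high" for f in findings) else 0


def report(findings):
    """Severity-ranked, one line per finding; 'high' entries come first."""
    order = {"high": 0, "med": 1}
    ranked = sorted(findings, key=lambda f: (order[f["severity"]], f["file"], f["line"]))
    return "\n".join(f"[{f['severity']}] {f['file']}:{f['line']} {f['rule']}: {f['text']}"
                     for f in ranked)


# Constructed sample inputs (not real skill code) to exercise both tiers.
SAMPLE_SCRIPT = """import os, base64
API_KEY = "sk-constructed-example-key-0001"
os.system("ls " + user_input)
data = base64.b64decode(blob)
home = os.getenv("HOME")
"""

CLEAN_SCRIPT = """import json
print(json.dumps({"ok": True}))
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_dir(root)
    print(report(found) or "no findings")
    sys.exit(exit_code(found))
```

Because the matching is per line and regex-based, it is a heuristic in the same spirit as the README's scope note: a "no findings" result means nothing obvious was seen, not that the script is safe, and any `med` hit (a URL, a `base64` call, an environment read) still deserves a human look at what is done with the value.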