Skill Trust Decision
skill-gatekeeper
Skill Gatekeeper uses undeclared child_process.exec with a hardcoded Windows path (C:/Users/ReaMasTer/) to invoke an external CLI tool, violating its own documented security principles.
Most direct threat evidence
01
Masquerades as a security audit tool through SKILL.md Entry · SKILL.md
02
Executes shell commands via child_process.execSync with hardcoded path Escalation · gatekeeper.ts
03
Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data Impact · gatekeeper.ts
Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
1 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
Masquerades as a security audit tool through SKILL.md
Entry · SKILL.md:1
02
Executes shell commands via child_process.execSync with hardcoded path
Escalation · gatekeeper.ts:298
03
Hardcoded path C:/Users/ReaMasTer/ may harvest user-specific credentials or data
Impact · gatekeeper.ts:298
What drove the risk score up
Undeclared shell execution via child_process.exec +30
SKILL.md never declares child_process.exec usage; line 298 executes shell commands
Hardcoded Windows user path +25
C:/Users/ReaMasTer/ - specific user path not declared, potential credential harvesting vector
Self-contradicting security scanner +15
Tool scans other skills for child_process.exec (line 76) but uses it itself
Hidden external tool dependency +10
Depends on external clawhub.js at undeclared path
Most important evidence
High
Undeclared child_process.exec with hardcoded path
The skill executes external commands via child_process.execSync using a hardcoded Windows path C:/Users/ReaMasTer/AppData/Roaming/npm/node_modules/clawhub/bin/clawdhub.js. This is never mentioned in SKILL.md and targets a specific user's npm installation.
gatekeeper.ts:298 Remove hardcoded paths; use environment variables or declared configuration for external tool paths.
High
Self-contradicting security behavior
The skill scans other skills for dangerous patterns including child_process.exec but uses child_process.execSync itself. This 'do as I say, not as I do' pattern is a red flag.
gatekeeper.ts:76 If child_process.exec is needed, declare it in SKILL.md capabilities.
Medium
Hidden external tool dependency
The skill depends on an external CLI tool (clawhub) at a specific Windows path. This dependency is not declared in SKILL.md and introduces supply chain risk.
gatekeeper.ts:298 Declare all external dependencies in SKILL.md.
Declared capability vs actual capability
Filesystem Block
Declared READ
→ Inferred WRITE
gatekeeper.ts:298 - writes to SKILL_DIR, QUARANTINE_DIR Shell Block
Declared NONE
→ Inferred WRITE
gatekeeper.ts:298 - child_process.execSync with hardcoded path Network Pass
Declared READ
→ Inferred WRITE
gatekeeper.ts:112 - VirusTotal API POST Suspicious artifacts and egress
Medium External URL
https://www.virustotal.com/api/v3/files/$ gatekeeper.ts:112
Dependencies and supply chain
There are no structured dependency warnings.
File composition
2 files · 528 lines
TypeScript 1 files · 411 linesMarkdown 1 files · 117 lines
Files of concern · 1
gatekeeper.ts Undeclared child_process.exec with hardcoded path · Self-contradicting security behavior · Hidden external tool dependency · https://www.virustotal.com/api/v3/files/$
Other files · SKILL.md
Security positives
Skill is a legitimate security audit concept with clear documentation
Uses sandbox isolation for testing new skills
Integrates with VirusTotal for cloud-based threat detection
Implements quarantine functionality for dangerous skills
Pattern-based detection is reasonably comprehensive
No credential harvesting patterns in local code