Scan Report
0/100
security-audit
Run security audits on codebases using static analysis, dependency scanning, and manual code review patterns. Covers OWASP Top 10, secrets detection, dependency vulnerabilities, and infrastructure misconfigurations.
This is a pure documentation skill containing only a SKILL.md file that describes how to perform security audits using read-only grep/find commands. No executable code, scripts, or dependencies exist.
Safe to install
No action needed. The skill is a benign reference guide for static security analysis.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | READ | READ | ✓ Aligned | SKILL.md: All shell usage is read-only (grep, find, cat, ls, npm audit, pip-audi… |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md: Only read-only file operations (find, ls, grep -r) |
| Network | NONE | NONE | — | No network requests in skill; npm audit / pip-audit run locally |
| Environment | NONE | NONE | — | Skill does not read or export environment variables |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
File Tree
1 file · 5.3 KB · 140 lines (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ Pure documentation skill — no executable code present
✓ All shell operations are read-only grep/find patterns for static analysis
✓ No network requests to external servers (npm/pip audit run locally)
✓ No credential access, credential harvesting, or data exfiltration
✓ No obfuscation, base64 payloads, or suspicious patterns
✓ Skill explicitly documents its own limitations and false-positive rates
✓ Dependencies: none (no package.json, requirements.txt, or other dependency files)