ReddRadar
Agent skill
Skill Security Scan
Audit imported skills for shell injection, secret exfiltration, path traversal, and prompt injection before they run
Install this agent skill to your Project
npx add-skill https://github.com/aaronjmars/aeon/tree/main/skills/skill-security-scan
SKILL.md
${var} — Path to a SKILL.md file or skill directory to scan. If empty, scans all skills in
skills/.
If ${var} is set, scan only that path. Otherwise, scan all skill directories.
Today is ${today}. Your task is to audit skill files for security vulnerabilities before they can be executed.
Threat Model
Imported skills are markdown files that instruct Claude Code to take actions. A malicious skill could:
- Shell injection: Execute arbitrary commands via unquoted variables,
eval, backticks, or$(...)in bash blocks - Secret exfiltration: Send environment variables, tokens, or file contents to external URLs via curl/wget/fetch
- Path traversal: Access files outside the repo using
../or absolute paths - Prompt injection: Override CLAUDE.md safety rules with embedded instructions ("ignore previous instructions", "you are now...")
- Destructive commands: Run
rm -rf,git push --force, or other irreversible operations
Steps
-
Determine scan scope:
- If
${var}is a file path, scan that file only. - If
${var}is a skill name, scanskills/${var}/SKILL.md. - If empty, scan all
skills/*/SKILL.mdfiles.
- If
-
Run the scanner on each skill file using
./skills/skill-security-scan/scan.sh:bash./skills/skill-security-scan/scan.sh <path-to-SKILL.md>The scanner checks for the threat categories above and outputs findings with severity levels (HIGH, MEDIUM, LOW).
-
Check trusted sources: Read
skills/security/trusted-sources.txt. Skills from trusted sources get a reduced scan (format validation only, skip content analysis). The source is determined by checking git remote or the skill's frontmatter for an origin field. -
Generate report: For each scanned skill, produce:
[PASS/WARN/FAIL] skill-name HIGH: description (if any) MEDIUM: description (if any) LOW: description (if any)- FAIL = any HIGH severity finding
- WARN = MEDIUM findings only
- PASS = no findings or LOW only
-
Save report to
articles/security-scan-${today}.mdwith full details. -
Notify via
./notifyif any skills FAIL:*Security Scan — ${today}* Scanned N skills: X passed, Y warnings, Z failed. Failed: skill1 (reason), skill2 (reason)If all pass, log "SECURITY_SCAN_OK" and skip notification.
-
Log results to
memory/logs/${today}.md.
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aaronjmars/aeon
Polymarket
Trending and top markets on Polymarket — volume, new markets, biggest movers
aaronjmars/aeon
Daily Article
Research trending topics and write a publication-ready article
aaronjmars/aeon
DeFi Monitor
Check pool health, positions, and yield rates for tracked protocols
aaronjmars/aeon
Skill Evals
Evaluate skill output quality against assertion manifests — detects regressions before users notice
aaronjmars/aeon
Monitor Polymarket
Monitor specific prediction markets for 24h price moves, volume changes, and fresh comments
aaronjmars/aeon
Self Review
Weekly audit of what Aeon did, what failed, and what to improve
Didn't find tool you were looking for?