Security

Skill Reviewer

Audit any Claude Code skill file for security risks before installing. Reads the .md, checks for dangerous patterns across three severity tiers, and returns a structured safety verdict.

/skill-review Free
Download .md All Skills
X-Ray: what this skill can and cannot do
Shell access No
Network calls No
File writes No
File reads Single file (the skill being reviewed)
Destructive ops No
Credential access No
Scope Read only

Why this exists

Claude Code skills are plain .md files that anyone can share. There is no built-in review step before installation. A malicious skill could instruct Claude to exfiltrate data, delete files, harvest credentials, or run destructive shell commands. You would not know until the damage was done.

This skill gives you a way to audit any skill file before trusting it. Run /skill-review, point it at a .md file, and get a structured security verdict in seconds.

How it works

  1. You provide the file path Pass the path as an argument or the skill will ask you for it. It only reads the single file you specify.
  2. It parses the structure Extracts the YAML frontmatter (name, description, allowed-tools) and the markdown body separately.
  3. It runs three-tier security checks Every line is scanned against Critical, High, and Medium severity patterns. Each finding quotes the exact line that triggered it.
  4. It produces a structured verdict SAFE, CAUTION, or UNSAFE, with a full breakdown of findings, positive signals, and a plain-language summary of what the skill actually does.

What it checks

Critical (instant UNSAFE verdict)

  • Unrestricted Bash access with no scoping
  • Data exfiltration patterns: curl, wget, external URLs, WebFetch
  • Destructive commands: rm -rf, git reset --hard, git push --force
  • Credential harvesting: reading .env, .ssh/, .aws/, API keys
  • System modification: writing to .bashrc, .zshrc, startup folders, crontab

High (triggers CAUTION)

  • Description does not match what the instructions actually tell Claude to do
  • Unbounded file writes with no project scoping
  • Hidden secondary goals buried deep in the file
  • Social engineering language disguising destructive actions

Medium (noted in report)

  • Broad file reads outside the project directory
  • Risky tool combinations (Read + Write + Bash)
  • Conditional or hidden logic that changes behaviour
  • Environment variable harvesting

Sample output

## Skill Review: humanizer

### Verdict: SAFE

### Metadata
- Name: humanizer
- Command: /humanizer
- Description: Scan files for em dashes and replace them...

### Tools Used
Read, Edit

### Risk Findings
Critical: None
High: None
Medium: None

### Positive Signals
- Single, clearly defined purpose
- No external URLs or network calls
- Tools match the stated description
- File operations scoped to user-specified files

### What This Skill Actually Does
Scans files the user specifies for em dash characters
and replaces each one with a contextually appropriate
alternative (comma, colon, full stop, or brackets).

### Recommendation: INSTALL
No security concerns found. The skill is read-and-edit
only, scoped to files the user provides.

Honest take

What it does well: Catches the most common attack vectors in skill files: unrestricted shell access, data exfiltration, credential harvesting, hidden destructive commands. The three-tier system gives you a clear priority on what matters most. Every finding quotes the exact line that triggered it, so you never have to take the verdict on faith.

What it does not do: It cannot catch everything. Obfuscated payloads, deeply encoded instructions, or novel attack patterns may slip through. It also does not verify that a skill works well, only that it is not obviously dangerous. Think of it as a first-pass filter, not a seal of approval.

When to use it: Before installing any skill you did not write yourself. Public repositories, shared links, community forums, unknown websites. Run it on skills from people you trust. Run it on the other two skills on this page. I built this reviewer so you would not have to take my word for it either.

Security Audit Read-Only Claude Code Trust

Use this skill in your project

Download the .md file, drop it into .claude/skills/, and run /skill-review.

Download .md