Oathe Security Badge

Is ArunJRK/audit-flow safe?

https://github.com/ArunJRK/audit-flow

92
SAFE

This appears to be a legitimate system audit and flow tracing tool that creates SQLite databases to track system interactions across multiple layers (CODE, API, AUTH, DATA, NETWORK). While it contains executable Python code and has complex functionality that could theoretically be misused for reconnaissance, the implementation appears benign with no external network communication or data exfiltration detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

MEDIUM Executable Python Script Present -15

The skill contains an executable Python script (audit.py) that performs database operations and file system access. While the functionality appears legitimate for audit flow tracing, it represents an executable-code risk.

LOW Sensitive File Access During Installation -10

Monitoring detected access to sensitive files (.env, SSH keys, AWS credentials) during skill installation, though this appears to be expected monitoring system behavior rather than malicious exfiltration.

LOW Potential Reconnaissance Capability -15

The audit flow tracing functionality could potentially be misused to map system architecture and data flows for reconnaissance purposes, though the intended use case for security audits is legitimate.

INFO Complex Skill Functionality -5

The skill has extensive functionality with detailed instructions that could potentially mask malicious behavior, but no actual prompt injection techniques were detected.