Is senior-architect safe?
https://clawhub.ai/alirezarezvani/senior-architect
The senior-architect skill is a legitimate architecture analysis and reference tool containing three Python scripts for project scanning and extensive markdown documentation on architecture patterns and technology decisions. The primary risks are that the Python scripts can traverse and read files from arbitrary directories when executed by the agent, and that broad trigger phrases may cause unintended activation. No malicious intent, data exfiltration mechanisms, or prompt injection payloads were detected.
Findings (5)
MEDIUM Python scripts execute with arbitrary directory traversal -20
The skill includes three Python scripts that the SKILL.md instructs the agent to execute. These scripts accept arbitrary directory paths as arguments and recursively scan them using Path.rglob('*') and Path.iterdir(). If the agent passes a broad path like '/' or '/home', the scripts would enumerate and read files across the entire filesystem.
MEDIUM Scripts read source file contents for import extraction -15
The Python scripts read the contents of discovered source files to extract import statements. While this is necessary for dependency analysis, in an LLM agent context these file contents flow into the model's context window, meaning sensitive source code, API keys embedded in code, or other secrets in source files could be exposed to the model provider's API.
LOW Broad activation trigger phrases in skill description -15
The skill's description field lists many broad trigger phrases like 'make technical decisions', 'choose a database', and 'plan for scalability'. These could cause the skill to activate during normal conversations where the user isn't seeking architecture tooling, potentially overriding intended agent behavior.
LOW Incomplete script — truncated source provided -5
The architecture_diagram_generator.py script appears truncated in the evidence, ending mid-class definition. The full script behavior beyond what is shown cannot be verified. However, the visible code contains no malicious patterns.
INFO Skill is a passive reference + analysis tool with no persistence 0
The skill primarily serves as a reference document (architecture patterns, decision matrices, workflows) with optional Python analysis scripts. It does not modify any files, does not persist state, and does not communicate with external services. The reference documentation is accurate and well-structured.