Oathe Security Badge

Is jguy/sigrok-skill safe?

https://github.com/jguy/sigrok-skill

Overall score: 89 · SAFE

This appears to be a legitimate technical skill for controlling logic analyzers via sigrok-cli. The skill provides comprehensive documentation for hardware protocol analysis and includes helper scripts for WSL USB forwarding. While executable scripts pose some risk, they appear necessary for the skill's stated functionality.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Executable shell scripts for USB forwarding -20

The skill includes shell scripts (slogic-attach, slogic-detach) for WSL USB device forwarding. While these appear legitimate for the stated purpose of logic analyzer control, they represent executable code that could potentially be modified.

LOW Complex technical content -5

The skill contains extensive technical documentation that, while legitimate, is complex enough that malicious instructions could theoretically be hidden within the technical details.

INFO System credential file access detected -15

Monitoring detected access to sensitive files (.env, SSH keys, AWS credentials), but the accesses appear to come from monitoring processes rather than the skill itself, and no exfiltration occurred.