Oathe Security Badge

Is mattpocock/skills safe?

https://github.com/mattpocock/skills

92
SAFE

This is a legitimate collection of development productivity skills from TypeScript educator Matt Pocock. The skills focus on code scaffolding, project planning, git safety, and development workflows with no malicious behavior detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Executable shell script present -15

Contains block-dangerous-git.sh script, but analysis shows it's a safety feature that blocks dangerous git commands rather than executing malicious code

INFO Sensitive file access during installation -10

Monitoring detected access to sensitive files, but these were from SSH authentication processes during the audit, not from the skill itself