Oathe Security Badge

Is rebelytics/one-skill-to-rule-them-all safe?

https://github.com/rebelytics/one-skill-to-rule-them-all

90
SAFE

This is a legitimate meta-skill for improving Claude's skill library through observation logging during work sessions. While it significantly modifies Claude's behavior and automatically creates files, it operates transparently and confines activities to the workspace directory with no evidence of malicious intent.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Extensive Behavioral Modification -25

The skill contains comprehensive instructions that significantly modify Claude's default behavior, including continuous observation logging, automatic file creation, and detailed procedural workflows. While transparent about its purpose, these modifications could interfere with normal operation patterns.

LOW Silent Operations -5

The skill instructs Claude to perform observation logging 'silently' without interrupting the user, which could potentially mask activities. However, the intent appears legitimate for user experience purposes.

LOW Automatic File System Modifications -20

The skill instructs Claude to automatically create observation logs, cross-cutting principles files, and archive directories without explicit user consent for each operation. This could lead to unexpected file system changes during sessions.