Is soljourner/claude-engineering-skills safe?
https://github.com/soljourner/claude-engineering-skills
The soljourner/claude-engineering-skills repository is a legitimate, high-quality collection of engineering reference skills covering pump design, CFD (OpenFOAM, ANSYS, COMSOL), structural analysis, thermodynamics, and scientific Python packages. No prompt injection, persona manipulation, or adversarial instructions were found in any SKILL.md file, and all referenced external URLs point to recognized engineering and scientific authorities. The only noteworthy observations are precompiled .pyc bytecode files checked into the repository (low opacity risk), the get-available-resources helper performing broad system environment scanning (legitimate for engineering agent context but warrants awareness), and honeypot file accesses that are attributable to the audit infrastructure's sudo process rather than the skill itself.
Findings (3)
MEDIUM Canary file access by audit sudo process before clone -10
Honeypot credentials (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP credentials) were opened and read at 17:23:37, approximately 5 seconds before the git clone network activity began. Timing, process lineage (sudo at PID 1105 running PAM), and the passing canary integrity verdict all strongly indicate this was the audit infrastructure's own sudo process performing name resolution and PAM authentication — not the skill under test. No data exfiltration occurred.
LOW Precompiled .pyc bytecode committed to repository -13
Eight __pycache__ directories contain pre-compiled CPython 3.11 bytecode. While the corresponding .py source files appear benign and consistent with the engineering documentation, bundling compiled bytecode introduces a minor opacity risk since bytecode content is not trivially human-readable.
LOW get-available-resources performs comprehensive system reconnaissance -10
The helper skill enumerates installed software, database connectivity, license server variables, and hardware resources. This is useful for engineering agent context but creates a detailed system fingerprint that could amplify risk if combined with an exfiltration capability from another skill.