Oathe Security Badge

Is wrsmith108/claude-skill-security-auditor safe?

https://github.com/wrsmith108/claude-skill-security-auditor

98
SAFE

This skill is a legitimate npm security audit tool that runs 'npm audit' commands to identify vulnerabilities and generate actionable reports. The code execution is expected, controlled, and limited to the intended npm audit functionality. No security vulnerabilities or malicious behavior were detected.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

LOW Executes npm audit command -10

The skill executes 'npm audit --json' using Node.js execSync to gather vulnerability data. While this is the intended functionality and the command is hardcoded (not user-controlled), it does represent code execution.