Audit Skills (Premium Universal Security)
Overview
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.
When to Use This Skill
- •Use when you need to audit AI skills and bundles for security vulnerabilities
- •Use when working with cross-platform security analysis
- •Use when the user asks about verifying skill legitimacy or performing security reviews
- •Use when scanning for mobile threats in AI skills
How It Works
Step 1: Static Analysis
Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.
Step 2: Platform-Specific Threat Detection
Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
1. Privilege, Ownership & Metadata Manipulation
- •Elevated Access:
sudo,chown,chmod,TakeOwnership,icacls,Set-ExecutionPolicy. - •Metadata Tampering:
touch -t,setfile(macOS),attrib(Windows),Set-ItemProperty,chflags. - •Risk: Unauthorized access, masking activity, or making files immutable.
2. File/Folder Locking & Resource Denial
- •Patterns:
chmod 000,chattr +i(immutable),attrib +r +s +h,DenyACEs inicacls. - •Global Actions: Locking or hiding folders in
%USERPROFILE%,/Users/, or/etc/. - •Risk: Denial of service or data locking.
3. Script Execution & Batch Invocation
- •Legacy/Batch Windows:
.bat,.cmd,cmd.exe /c,vbs,cscript,wscript. - •Unix Shell:
.sh,.bash,.zsh,chmod +xfollowed by execution. - •PowerShell:
.ps1,powershell -ExecutionPolicy Bypass -File .... - •Hidden Flags:
-WindowStyle Hidden,-w hidden,-noprofile.
4. Dangerous Install/Uninstall & System Changes
- •Windows:
msiexec /qn,choco uninstall,reg delete. - •Linux/Unix:
apt-get purge,yum remove,rm -rf /usr/bin/.... - •macOS:
brew uninstall, deleting from/Applications. - •Risk: Removing security software or creating unmonitored installation paths.
5. Mobile Application & OS Security (Android/iOS)
- •Android Tools:
adb shell,pm install,am start,apktool,dex2jar,keytool. - •Android Files: Manipulation of
AndroidManifest.xml(permissions),classes.dex, orstrings.xml. - •iOS Tools:
xcodebuild,codesign,security find-identity,fastlane,xcrun. - •iOS Files: Manipulation of
Info.plist,Entitlements.plist, orProvisioning Profiles. - •Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
- •Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.
6. Information Disclosure & Network Exfiltration
- •Patterns:
curl,wget,Invoke-WebRequest,Invoke-RestMethod,scp,ftp,nc,socat. - •Sensible Data:
.env,.ssh,cookies.sqlite,Keychains(macOS),Credentials(Windows),keystore(Android). - •Intranet: Scanning internal IPs or mapping local services.
7. Service, Process & Stability Manipulation
- •Windows:
Stop-Service,taskkill /f,sc.exe delete. - •Unix/Mac:
kill -9,pkill,systemctl disable/stop,launchctl unload. - •Low-level: Direct disk access (
dd), firmware/BIOS calls, kernel module management.
8. Obfuscation & Persistence
- •Encoding:
Base64,Hex,XORloops,atob(). - •Persistence:
reg add(Run keys),schtasks,crontab,launchctl(macOS),systemdunits. - •Tubes:
curl ... | bash,iwr ... | iex.
9. Legitimacy & Scope (Universal)
- •Registry Alignment: Cross-reference with
CATALOG.md. - •Structural Integrity: Does it follow the standard repo layout?
- •Healthy Scope: Does a "UI Design" skill need
adb shellorsudo?
Step 3: Reporting
Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.
Examples
Example 1: Security Review
"Perform a security audit on this skill bundle"
Example 2: Cross-Platform Threat Analysis
"Scan for mobile threats in this AI skill"
Best Practices
- •✅ Perform non-intrusive analysis
- •✅ Check for privilege escalation patterns
- •✅ Look for information disclosure vulnerabilities
- •✅ Analyze cross-platform threats
- •❌ Don't execute potentially malicious code during audit
- •❌ Don't modify the code being audited
- •❌ Don't ignore mobile-specific security concerns
Common Pitfalls
- •
Problem: Executing code during audit Solution: Stick to static analysis methods only
- •
Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms
- •
Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()
Related Skills
- •
@security-scanner- Additional security scanning capabilities