OpenSkillIndex← back to search
claude-codesecurity

Antigravity-awesome-skills audit-skills

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

install
source · Clone the upstream repo
git clone https://github.com/sickn33/antigravity-awesome-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sickn33/antigravity-awesome-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/audit-skills" ~/.claude/skills/sickn33-antigravity-awesome-skills-audit-skills && rm -rf "$T"
manifest: skills/audit-skills/SKILL.md
tags
#security-audit#cross-platform#malware-detection#code-analysis#risk-assessment
safety · automated scan (high risk)
This is a pattern-based risk scan, not a security review. Our crawler flagged:
  • curl piped into shell
  • rm -rf on root/home
  • references .env files
Always read a skill's source content before installing. Patterns alone don't mean the skill is malicious — but they warrant attention.
source content
<!-- security-allowlist: curl-pipe-bash -->

Audit Skills (Premium Universal Security)

Overview

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.

When to Use This Skill

  • Use when you need to audit AI skills and bundles for security vulnerabilities
  • Use when working with cross-platform security analysis
  • Use when the user asks about verifying skill legitimacy or performing security reviews
  • Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

  • Elevated Access: 
    sudo
    , 
    chown
    , 
    chmod
    , 
    TakeOwnership
    , 
    icacls
    , 
    Set-ExecutionPolicy
    .
  • Metadata Tampering: 
    touch -t
    , 
    setfile
    (macOS), 
    attrib
    (Windows), 
    Set-ItemProperty
    , 
    chflags
    .
  • Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

  • Patterns: 
    chmod 000
    , 
    chattr +i
    (immutable), 
    attrib +r +s +h
    , 
    Deny
    ACEs in 
    icacls
    .
  • Global Actions: Locking or hiding folders in 
    %USERPROFILE%
    , 
    /Users/
    , or 
    /etc/
    .
  • Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

  • Legacy/Batch Windows: 
    .bat
    , 
    .cmd
    , 
    cmd.exe /c
    , 
    vbs
    , 
    cscript
    , 
    wscript
    .
  • Unix Shell: 
    .sh
    , 
    .bash
    , 
    .zsh
    , 
    chmod +x
    followed by execution.
  • PowerShell: 
    .ps1
    , 
    powershell -ExecutionPolicy Bypass -File ...
    .
  • Hidden Flags: 
    -WindowStyle Hidden
    , 
    -w hidden
    , 
    -noprofile
    .

4. Dangerous Install/Uninstall & System Changes

  • Windows: 
    msiexec /qn
    , 
    choco uninstall
    , 
    reg delete
    .
  • Linux/Unix: 
    apt-get purge
    , 
    yum remove
    , 
    rm -rf /usr/bin/...
    .
  • macOS: 
    brew uninstall
    , deleting from 
    /Applications
    .
  • Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

  • Android Tools: 
    adb shell
    , 
    pm install
    , 
    am start
    , 
    apktool
    , 
    dex2jar
    , 
    keytool
    .
  • Android Files: Manipulation of 
    AndroidManifest.xml
    (permissions), 
    classes.dex
    , or 
    strings.xml
    .
  • iOS Tools: 
    xcodebuild
    , 
    codesign
    , 
    security find-identity
    , 
    fastlane
    , 
    xcrun
    .
  • iOS Files: Manipulation of 
    Info.plist
    , 
    Entitlements.plist
    , or 
    Provisioning Profiles
    .
  • Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
  • Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

  • Patterns: 
    curl
    , 
    wget
    , 
    Invoke-WebRequest
    , 
    Invoke-RestMethod
    , 
    scp
    , 
    ftp
    , 
    nc
    , 
    socat
    .
  • Sensible Data: 
    .env
    , 
    .ssh
    , 
    cookies.sqlite
    , 
    Keychains
    (macOS), 
    Credentials
    (Windows), 
    keystore
    (Android).
  • Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

  • Windows: 
    Stop-Service
    , 
    taskkill /f
    , 
    sc.exe delete
    .
  • Unix/Mac: 
    kill -9
    , 
    pkill
    , 
    systemctl disable/stop
    , 
    launchctl unload
    .
  • Low-level: Direct disk access (
    dd
    ), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

  • Encoding: 
    Base64
    , 
    Hex
    , 
    XOR
    loops, 
    atob()
    .
  • Persistence: 
    reg add
    (Run keys), 
    schtasks
    , 
    crontab
    , 
    launchctl
    (macOS), 
    systemd
    units.
  • Tubes: 
    curl ... | bash
    , 
    iwr ... | iex
    .

9. Legitimacy & Scope (Universal)

  • Registry Alignment: Cross-reference with 
    CATALOG.md
    .
  • Structural Integrity: Does it follow the standard repo layout?
  • Healthy Scope: Does a "UI Design" skill need 
    adb shell
    or 
    sudo
    ?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

  • ✅ Perform non-intrusive analysis
  • ✅ Check for privilege escalation patterns
  • ✅ Look for information disclosure vulnerabilities
  • ✅ Analyze cross-platform threats
  • ❌ Don't execute potentially malicious code during audit
  • ❌ Don't modify the code being audited
  • ❌ Don't ignore mobile-specific security concerns

Common Pitfalls

  • Problem: Executing code during audit Solution: Stick to static analysis methods only

  • Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms

  • Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

  • @security-scanner
    - Additional security scanning capabilities

Limitations

  • Use this skill only when the task clearly matches the scope described above.
  • Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
  • Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.