Gsd-skill-creator security-hygiene

install
source · Clone the upstream repo
git clone https://github.com/Tibsfox/gsd-skill-creator
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/Tibsfox/gsd-skill-creator "$T" && mkdir -p ~/.claude/skills && cp -r "$T/examples/skills/workflow/security-hygiene" ~/.claude/skills/tibsfox-gsd-skill-creator-security-hygiene && rm -rf "$T"
manifest: examples/skills/workflow/security-hygiene/SKILL.md
source content

Security Hygiene

Security Philosophy

This is a self-modifying system. Security should work like a helpful companion, not an adversarial checkpoint — zen and the art of programming. Tools protect by default, guide by suggestion, block only when there is a real reason.

Threat Surface

Vector | Risk | Check
Path traversal | Skill names used in file paths could escape the directory | Sanitize all skill names: alphanumeric, hyphens, underscores only. Reject "..", "/", "\".
YAML deserialization | Unsafe YAML loading executes arbitrary code | Use safe parsing only (yaml.safe_load or equivalent). Never yaml.load with untrusted input.
Data poisoning | Append-only JSONL could contain injected entries | Validate entries on read: check schema, reject oversized entries, verify timestamps are monotonic.
Permission bypass | Automated workflows might skip user confirmation | Never bypass user confirmation for skill application, even in YOLO mode. YOLO applies to GSD workflow commands, not skill modifications.
Cross-project leakage | User-level skills might expose project-specific patterns | User-level skills must be generic. Project-specific patterns stay in project-level skills.
Observation privacy | Pattern data could leak into shared repos | .planning/patterns/ must be in .gitignore. Verify on any git operation.
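The path-traversal and data-poisoning checks from the table above, as an added example that is not part of the skill's own code. The name allow-list, the 4096-byte entry limit, the required keys and the sample log lines are all constructed for illustration.

```python
import json
import re
from datetime import datetime

# Constructed thresholds: the skill names the checks, not the limits.
SKILL_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
MAX_ENTRY_BYTES = 4096
REQUIRED_KEYS = {"ts", "pattern", "source"}

def validate_skill_name(name: str) -> bool:
    """Allow-list check: only names that cannot escape the skills directory pass."""
    if any(seq in name for seq in ("..", "/", "\\")):  # explicit rejects from the table
        return False
    return SKILL_NAME_RE.fullmatch(name) is not None

def load_pattern_log(text: str) -> tuple[list[dict], list[str]]:
    """Read append-only JSONL, keeping valid entries and explaining each rejection."""
    kept, rejected, last_ts = [], [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if len(raw.encode("utf-8")) > MAX_ENTRY_BYTES:
            rejected.append(f"line {lineno}: oversized entry")
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            rejected.append(f"line {lineno}: not valid JSON")
            continue
        if not isinstance(entry, dict) or not REQUIRED_KEYS.issubset(entry):
            rejected.append(f"line {lineno}: schema mismatch")
            continue
        try:
            ts = datetime.fromisoformat(str(entry["ts"]))
        except ValueError:
            rejected.append(f"line {lineno}: bad timestamp")
            continue
        if last_ts is not None and ts < last_ts:  # out-of-order entry: likely injected
            rejected.append(f"line {lineno}: timestamp went backwards")
            continue
        last_ts = ts
        kept.append(entry)
    return kept, rejected

# Constructed sample: a valid entry, a back-dated injected entry, an oversized entry, a valid entry.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"ts": "2025-01-10T12:00:00", "pattern": "retry-on-timeout", "source": "observer"},
    {"ts": "2025-01-09T00:00:00", "pattern": "injected", "source": "unknown"},
    {"ts": "2025-01-10T12:05:00", "pattern": "x" * MAX_ENTRY_BYTES, "source": "observer"},
    {"ts": "2025-01-10T12:06:00", "pattern": "prefer-safe-load", "source": "observer"},
])
```

Rejections are reported rather than raised so the caller can surface them in the low-friction way the skill's philosophy asks for.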

Content Hygiene Rules

When processing community-contributed content (skills, chipsets, LoRA adapters):

  • Check for embedded commands or script execution
  • Verify YAML does not contain unsafe tags (!!python/object, etc.)
  • Validate that skill descriptions match their actual content
  • Quarantine new community content for review before activation

The Staging Layer Principle

"The user's ability to work should be reasonable. Security should also be reasonable. We strive for the clean intersection." Do not over-alert. Do not create friction for normal operations. Surface findings only when something genuinely warrants attention.