Purging README.md (#236)
* feat: add my audit-skills for audit safe skills
* feat: add my audit-skills for audit safe skills
* chore: sync generated registry files [ci skip]

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
128
skills/audit-skills/SKILL.md
Normal file
@@ -0,0 +1,128 @@
---
name: audit-skills
description: "Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS)."
category: security
risk: safe
source: community
date_added: "2026-03-07"
author: MAIOStudio
tags: [security, audit, skills, bundles, cross-platform]
tools: [claude, gemini, gpt, llama, mistral, etc]
---
# Audit Skills (Premium Universal Security)
## Overview
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
2-4 sentences is perfect.
## When to Use This Skill
- Use when you need to audit AI skills and bundles for security vulnerabilities
- Use when working with cross-platform security analysis
- Use when the user asks about verifying skill legitimacy or performing security reviews
- Use when scanning for mobile threats in AI skills
## How It Works
### Step 1: Static Analysis
Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.
### Step 2: Platform-Specific Threat Detection
Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
#### 1. Privilege, Ownership & Metadata Manipulation
- **Elevated Access**: `sudo`, `chown`, `chmod`, `TakeOwnership`, `icacls`, `Set-ExecutionPolicy`.
- **Metadata Tampering**: `touch -t`, `setfile` (macOS), `attrib` (Windows), `Set-ItemProperty`, `chflags`.
- **Risk**: Unauthorized access, masking activity, or making files immutable.
#### 2. File/Folder Locking & Resource Denial
- **Patterns**: `chmod 000`, `chattr +i` (immutable), `attrib +r +s +h`, `Deny` ACEs in `icacls`.
- **Global Actions**: Locking or hiding folders in `%USERPROFILE%`, `/Users/`, or `/etc/`.
- **Risk**: Denial of service or data locking.
#### 3. Script Execution & Batch Invocation
- **Legacy/Batch Windows**: `.bat`, `.cmd`, `cmd.exe /c`, `vbs`, `cscript`, `wscript`.
- **Unix Shell**: `.sh`, `.bash`, `.zsh`, `chmod +x` followed by execution.
- **PowerShell**: `.ps1`, `powershell -ExecutionPolicy Bypass -File ...`.
- **Hidden Flags**: `-WindowStyle Hidden`, `-w hidden`, `-noprofile`.
#### 4. Dangerous Install/Uninstall & System Changes
- **Windows**: `msiexec /qn`, `choco uninstall`, `reg delete`.
- **Linux/Unix**: `apt-get purge`, `yum remove`, `rm -rf /usr/bin/...`.
- **macOS**: `brew uninstall`, deleting from `/Applications`.
- **Risk**: Removing security software or creating unmonitored installation paths.
#### 5. Mobile Application & OS Security (Android/iOS)
- **Android Tools**: `adb shell`, `pm install`, `am start`, `apktool`, `dex2jar`, `keytool`.
- **Android Files**: Manipulation of `AndroidManifest.xml` (permissions), `classes.dex`, or `strings.xml`.
- **iOS Tools**: `xcodebuild`, `codesign`, `security find-identity`, `fastlane`, `xcrun`.
- **iOS Files**: Manipulation of `Info.plist`, `Entitlements.plist`, or `Provisioning Profiles`.
- **Mobile Patterns**: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
- **Risk**: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.
#### 6. Information Disclosure & Network Exfiltration
- **Patterns**: `curl`, `wget`, `Invoke-WebRequest`, `Invoke-RestMethod`, `scp`, `ftp`, `nc`, `socat`.
- **Sensible Data**: `.env`, `.ssh`, `cookies.sqlite`, `Keychains` (macOS), `Credentials` (Windows), `keystore` (Android).
- **Intranet**: Scanning internal IPs or mapping local services.
#### 7. Service, Process & Stability Manipulation
- **Windows**: `Stop-Service`, `taskkill /f`, `sc.exe delete`.
- **Unix/Mac**: `kill -9`, `pkill`, `systemctl disable/stop`, `launchctl unload`.
- **Low-level**: Direct disk access (`dd`), firmware/BIOS calls, kernel module management.
#### 8. Obfuscation & Persistence
- **Encoding**: `Base64`, `Hex`, `XOR` loops, `atob()`.
- **Persistence**: `reg add` (Run keys), `schtasks`, `crontab`, `launchctl` (macOS), `systemd` units.
- **Tubes**: `curl ... | bash`, `iwr ... | iex`.
#### 9. Legitimacy & Scope (Universal)
- **Registry Alignment**: Cross-reference with `CATALOG.md`.
- **Structural Integrity**: Does it follow the standard repo layout?
- **Healthy Scope**: Does a "UI Design" skill need `adb shell` or `sudo`?
### Step 3: Reporting
Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.
## Examples
### Example 1: Security Review
```markdown
"Perform a security audit on this skill bundle"
```
### Example 2: Cross-Platform Threat Analysis
```markdown
"Scan for mobile threats in this AI skill"
```
## Best Practices
- ✅ Perform non-intrusive analysis
- ✅ Check for privilege escalation patterns
- ✅ Look for information disclosure vulnerabilities
- ✅ Analyze cross-platform threats
- ❌ Don't execute potentially malicious code during audit
- ❌ Don't modify the code being audited
- ❌ Don't ignore mobile-specific security concerns
## Common Pitfalls
- **Problem:** Executing code during audit
**Solution:** Stick to static analysis methods only
- **Problem:** Missing cross-platform threats
**Solution:** Check for platform-specific security issues on all supported platforms
- **Problem:** Failing to detect obfuscated payloads
**Solution:** Look for encoding patterns like Base64, Hex, XOR loops, and atob()
## Related Skills
- `@security-scanner` - Additional security scanning capabilities
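Review bot: the Overview section still carries the SKILL.md template instruction "2-4 sentences is perfect." immediately after the overview paragraph; that line is author guidance, not documentation, and should be removed before the file is synced into the registry. Three smaller points in the same hunk: the frontmatter `tools: [claude, gemini, gpt, llama, mistral, etc]` includes `etc` as if it were a tool identifier, which anything parsing that field will treat as a real value, so either enumerate the supported tools or drop the placeholder; under "6. Information Disclosure & Network Exfiltration" the bullet "Sensible Data" should read "Sensitive Data"; and under "8. Obfuscation & Persistence" the bullet "Tubes" should be "Pipes", since it describes shell pipelines such as `curl ... | bash` and `iwr ... | iex`. The frontmatter `description` and the Overview paragraph are also word-for-word identical, so the Overview currently adds nothing a reader cannot get from the frontmatter; a sentence on the output (the 0-10 score and report described under Step 3) would make it worth keeping.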