{"id":"efbc2ef2-0974-44b5-9f08-2b0aead1189a","shortId":"uCxsCD","kind":"skill","title":"audit-skills","tagline":"Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).","description":"<!-- security-allowlist: curl-pipe-bash -->\n\n# Audit Skills (Premium Universal Security)\n\n## Overview\n\nExpert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).\n2-4 sentences is perfect.\n\n## When to Use This Skill\n\n- Use when you need to audit AI skills and bundles for security vulnerabilities\n- Use when working with cross-platform security analysis\n- Use when the user asks about verifying skill legitimacy or performing security reviews\n- Use when scanning for mobile threats in AI skills\n\n## How It Works\n\n### Step 1: Static Analysis\n\nPerforms non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.\n\n### Step 2: Platform-Specific Threat Detection\n\nAnalyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).\n\n#### 1. Privilege, Ownership & Metadata Manipulation\n- **Elevated Access**: `sudo`, `chown`, `chmod`, `TakeOwnership`, `icacls`, `Set-ExecutionPolicy`.\n- **Metadata Tampering**: `touch -t`, `setfile` (macOS), `attrib` (Windows), `Set-ItemProperty`, `chflags`.\n- **Risk**: Unauthorized access, masking activity, or making files immutable.\n\n#### 2. File/Folder Locking & Resource Denial\n- **Patterns**: `chmod 000`, `chattr +i` (immutable), `attrib +r +s +h`, `Deny` ACEs in `icacls`.\n- **Global Actions**: Locking or hiding folders in `%USERPROFILE%`, `/Users/`, or `/etc/`.\n- **Risk**: Denial of service or data locking.\n\n#### 3. Script Execution & Batch Invocation\n- **Legacy/Batch Windows**: `.bat`, `.cmd`, `cmd.exe /c`, `vbs`, `cscript`, `wscript`.\n- **Unix Shell**: `.sh`, `.bash`, `.zsh`, `chmod +x` followed by execution.\n- **PowerShell**: `.ps1`, `powershell -ExecutionPolicy Bypass -File ...`.\n- **Hidden Flags**: `-WindowStyle Hidden`, `-w hidden`, `-noprofile`.\n\n#### 4. Dangerous Install/Uninstall & System Changes\n- **Windows**: `msiexec /qn`, `choco uninstall`, `reg delete`.\n- **Linux/Unix**: `apt-get purge`, `yum remove`, `rm -rf /usr/bin/...`.\n- **macOS**: `brew uninstall`, deleting from `/Applications`.\n- **Risk**: Removing security software or creating unmonitored installation paths.\n\n#### 5. Mobile Application & OS Security (Android/iOS)\n- **Android Tools**: `adb shell`, `pm install`, `am start`, `apktool`, `dex2jar`, `keytool`.\n- **Android Files**: Manipulation of `AndroidManifest.xml` (permissions), `classes.dex`, or `strings.xml`.\n- **iOS Tools**: `xcodebuild`, `codesign`, `security find-identity`, `fastlane`, `xcrun`.\n- **iOS Files**: Manipulation of `Info.plist`, `Entitlements.plist`, or `Provisioning Profiles`.\n- **Mobile Patterns**: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.\n- **Risk**: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.\n\n#### 6. Information Disclosure & Network Exfiltration\n- **Patterns**: `curl`, `wget`, `Invoke-WebRequest`, `Invoke-RestMethod`, `scp`, `ftp`, `nc`, `socat`.\n- **Sensible Data**: `.env`, `.ssh`, `cookies.sqlite`, `Keychains` (macOS), `Credentials` (Windows), `keystore` (Android).\n- **Intranet**: Scanning internal IPs or mapping local services.\n\n#### 7. Service, Process & Stability Manipulation\n- **Windows**: `Stop-Service`, `taskkill /f`, `sc.exe delete`.\n- **Unix/Mac**: `kill -9`, `pkill`, `systemctl disable/stop`, `launchctl unload`.\n- **Low-level**: Direct disk access (`dd`), firmware/BIOS calls, kernel module management.\n\n#### 8. Obfuscation & Persistence\n- **Encoding**: `Base64`, `Hex`, `XOR` loops, `atob()`.\n- **Persistence**: `reg add` (Run keys), `schtasks`, `crontab`, `launchctl` (macOS), `systemd` units.\n- **Tubes**: `curl ... | bash`, `iwr ... | iex`.\n\n#### 9. Legitimacy & Scope (Universal)\n- **Registry Alignment**: Cross-reference with `CATALOG.md`.\n- **Structural Integrity**: Does it follow the standard repo layout?\n- **Healthy Scope**: Does a \"UI Design\" skill need `adb shell` or `sudo`?\n\n### Step 3: Reporting\n\nGenerates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.\n\n## Examples\n\n### Example 1: Security Review\n\n```markdown\n\"Perform a security audit on this skill bundle\"\n```\n\n### Example 2: Cross-Platform Threat Analysis\n\n```markdown\n\"Scan for mobile threats in this AI skill\"\n```\n\n## Best Practices\n\n- ✅ Perform non-intrusive analysis\n- ✅ Check for privilege escalation patterns\n- ✅ Look for information disclosure vulnerabilities\n- ✅ Analyze cross-platform threats\n- ❌ Don't execute potentially malicious code during audit\n- ❌ Don't modify the code being audited\n- ❌ Don't ignore mobile-specific security concerns\n\n## Common Pitfalls\n\n- **Problem:** Executing code during audit\n  **Solution:** Stick to static analysis methods only\n\n- **Problem:** Missing cross-platform threats\n  **Solution:** Check for platform-specific security issues on all supported platforms\n\n- **Problem:** Failing to detect obfuscated payloads\n **Solution:** Look for encoding patterns like Base64, Hex, XOR loops, and atob()\n\n## Related Skills\n\n- `@security-scanner` - Additional security scanning capabilities\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["audit","skills","antigravity","awesome","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity-skills"],"capabilities":["skill","source-sickn33","skill-audit-skills","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/audit-skills","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34964 github stars · SKILL.md body (5,695 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-25T00:50:28.996Z","embedding":null,"createdAt":"2026-04-18T21:31:35.253Z","updatedAt":"2026-04-25T00:50:28.996Z","lastSeenAt":"2026-04-25T00:50:28.996Z","tsv":"'-10':545 '-4':77 '-9':459 '/applications':314 '/c':260 '/etc':242 '/f':454 '/qn':294 '/users':240 '/usr/bin':308 '0':544 '000':220 '1':134,177,558 '2':76,156,213,571 '3':250,535 '4':287 '5':324 '6':407 '7':444 '8':477 '9':502 'access':183,206,470 'ace':229 'across':30,69,170 'action':233,550 'activ':208 'adb':332,406,530 'add':488 'addit':686 'ai':8,47,92,128,584 'align':507 'analysi':17,56,107,136,142,552,576,592,642 'analyz':162,603 'android':330,341,435 'android/ios':36,75,176,329 'androidmanifest.xml':345 'api':375 'apktool':338 'applic':326 'apt':301 'apt-get':300 'ask':112,723 'atob':485,680 'attrib':198,224 'audit':2,37,91,565,615,622,637 'audit-skil':1 'auditor':6,45 'base64':481,675 'bash':267,499 'bat':257 'batch':253 'best':586 'boundari':731 'brew':310 'build':401 'bundl':11,50,95,569 'bypass':278,373 'call':473 'camera':384 'capabl':689 'catalog.md':512 'chang':291 'chattr':221 'check':593,652 'chflag':203 'chmod':186,219,269 'choco':295 'chown':185 'clarif':725 'classes.dex':347 'clear':698 'cmd':258 'cmd.exe':259 'code':163,613,620,635 'codesign':353 'common':631 'concern':630 'contact':386 'cookies.sqlite':429 'creat':320 'credenti':397,432 'criteria':734 'crontab':492 'cross':104,509,573,605,648 'cross-platform':103,572,604,647 'cross-refer':508 'cscript':262 'curl':413,498 'danger':288 'data':22,61,147,248,426 'dd':471 'delet':298,312,456 'deni':228 'denial':217,244 'describ':702 'design':527 'detect':161,372,666 'devic':403 'dex2jar':339 'direct':468 'disable/stop':462 'disclosur':409,601 'disk':469 'elev':182 'encod':480,672 'entitlements.plist':365 'env':427 'environ':714 'environment-specif':713 'escal':596 'exampl':556,557,570 'execut':252,273,610,634 'executionpolici':191,277 'exfiltr':411 'expert':4,43,719 'fail':664 'fastlan':358 'file':211,279,342,361 'file/folder':214 'find':356 'find-ident':355 'firmware/bios':472 'flag':281,549 'folder':237 'follow':271,517 'ftp':422 'generat':537 'get':302 'global':232 'gps':385 'h':227 'hardcod':374 'healthi':522 'hex':482,676 'hidden':280,283,285 'hide':236 'icacl':188,231 'ident':357 'identif':548 'identifi':19,58,144 'iex':501 'ignor':625 'immut':212,223 'info.plist':364 'inform':408,600 'inject':396 'input':728 'instal':322,335 'install/uninstall':289 'integr':514 'intern':438 'intranet':436 'intrus':15,54,140,591 'invoc':254 'invok':416,419 'invoke-restmethod':418 'invoke-webrequest':415 'io':350,360 'ip':439 'issu':169,658 'itemproperti':202 'iwr':500 'jailbreak/root':371 'kernel':474 'key':376,490 'keychain':430 'keystor':434 'keytool':340 'kill':458 'launchctl':463,493 'layout':521 'leak':23,62,148 'legacy/batch':255 'legitimaci':116,503 'level':467 'like':674 'limit':690 'linux/unix':33,72,173,299 'local':442 'lock':215,234,249 'look':598,670 'loop':484,678 'low':466 'low-level':465 'maco':32,71,172,197,309,431,494 'make':210 'malici':20,59,145,393,612 'manag':476 'manipul':181,343,362,404,448 'map':441 'markdown':561,577 'mask':207 'match':699 'metadata':180,192 'method':643 'miss':646,736 'mitig':554 'mobil':35,74,125,175,325,369,378,390,394,400,580,627 'mobile-specif':626 'modifi':618 'modul':475 'msiexec':293 'nc':423 'need':89,529 'network':410 'non':14,53,139,389,590 'non-intrus':13,52,138,589 'non-mobil':388 'noprofil':286 'obfusc':28,67,153,478,667 'os':327 'output':708 'overview':42 'ownership':179 'packag':395 'path':323 'pattern':21,60,146,218,370,412,597,673 'payload':29,68,154,668 'perfect':80 'perform':12,51,118,137,562,588 'permiss':346,382,729 'persist':479,486 'pitfal':632 'pkill':460 'platform':105,158,166,546,574,606,649,655,662 'platform-specif':157,165,654 'pm':334 'potenti':611 'powershel':274,276 'practic':587 'premium':39 'privileg':178,595 'problem':633,645,663 'process':446 'profil':368 'provis':367 'ps1':275 'purg':303 'r':225 'recommend':555 'refer':510 'reg':297,487 'registri':506 'relat':681 'remov':305,316 'repo':520 'report':536,540 'request':383 'requir':727 'resourc':216 'restmethod':420 'review':120,560,720 'rf':307 'risk':26,65,151,204,243,315,392 'rm':306 'run':489 'safeti':730 'sc.exe':455 'scan':123,437,578,688 'scanner':685 'schtask':491 'scope':504,523,701 'score':543 'scp':421 'script':251 'secur':5,41,44,97,106,119,168,317,328,354,539,559,564,629,657,684,687 'security-scann':683 'sensibl':425 'sensit':381 'sentenc':78 'servic':246,443,445,452 'set':190,201 'set-executionpolici':189 'set-itemproperti':200 'setfil':196 'sh':266 'shell':265,333,531 'skill':3,9,38,48,85,93,115,129,391,528,568,585,682,693 'skill-audit-skills' 'socat':424 'softwar':318 'solut':638,651,669 'sourc':379 'source-sickn33' 'specif':159,167,628,656,715 'ssh':428 'stabil':25,64,150,447 'standard':519 'start':337 'static':16,55,135,141,641 'step':133,155,534 'stick':639 'stop':451,721 'stop-servic':450 'strings.xml':349 'structur':513 'substitut':711 'success':733 'sudo':184,533 'support':661 'system':24,63,149,290 'systemctl':461 'systemd':495 'takeownership':187 'tamper':193 'target':547 'task':697 'taskkil':453 'test':717 'theft':398 'threat':126,160,551,575,581,607,650 'tool':331,351 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'touch':194 'treat':706 'tube':497 'ui':526 'unauthor':205 'uninstal':296,311 'unit':496 'univers':40,505 'unix':264 'unix/mac':457 'unload':464 'unmonitor':321 'use':83,86,99,108,121,691 'user':111 'userprofil':239 'valid':716 'vbs':261 'verifi':114 'via':405 'vulner':98,602 'w':284 'webrequest':417 'wget':414 'window':31,70,171,199,256,292,433,449 'windowstyl':282 'work':101,132 'wscript':263 'x':270 'xcodebuild':352 'xcrun':359 'xor':483,677 'yum':304 'zsh':268","prices":[{"id":"98ad4496-4b9e-47de-9169-c4d434655aac","listingId":"efbc2ef2-0974-44b5-9f08-2b0aead1189a","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:31:35.253Z"}],"sources":[{"listingId":"efbc2ef2-0974-44b5-9f08-2b0aead1189a","source":"github","sourceId":"sickn33/antigravity-awesome-skills/audit-skills","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/audit-skills","isPrimary":false,"firstSeenAt":"2026-04-18T21:31:35.253Z","lastSeenAt":"2026-04-25T00:50:28.996Z"}],"details":{"listingId":"efbc2ef2-0974-44b5-9f08-2b0aead1189a","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"audit-skills","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34964,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T06:41:17Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"344701165b828181af587985b0b65e3a5a3186c3","skill_md_path":"skills/audit-skills/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/audit-skills"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"audit-skills","description":"Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS)."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/audit-skills"},"updatedAt":"2026-04-25T00:50:28.996Z"}}