SecondBrain/skills-sh-security-scans-ar...

41 lines
2.0 KiB
Markdown

---
type: reference
title: skills.sh security risk assessments are heuristic capability flags, not malware verdicts
summary: "How to interpret skills.sh's Gen/Socket/Snyk security table: High/Med ratings fire on benign capability patterns, so read the per-skill detail page and the actual files before trusting a flag."
tags:
- type/reference
- tool/skills-sh
- domain/agent-skills
- domain/security
scope: global
last_updated: 2026-07-14
date: 2026-07-14
source: cc-os
---
# skills.sh security scans are heuristic
The "Security Risk Assessments" table shown by the `npx skills` installer (Gen, Socket,
Snyk columns) reports heuristic capability flags, not malware verdicts. High/Med ratings
routinely fire on benign patterns:
- **Snyk W007 (credential handling)** — skill instructs pasting CLI output or bundles an
executable `.sh` file, even an inert interactive one.
- **Snyk W011 (indirect prompt injection)** — skill reads external issue/ticket/PR text
into context (any tracker-reading skill triggers this).
- **Socket anomaly alerts** — trust-chain patterns like "posts autonomously to an external
tracker"; explicitly not malware findings.
Verified 2026-07-14 on Matt Pocock's skill pack: all five flags (one High, three Med, one
Socket alert) traced to legitimate documented features; full local file reads found no
injection, obfuscation, network calls, or confirmation bypasses. Third-party testing
(dev.to bolhasec obfuscation study; caveman#28) shows the scanners are inconsistent —
Socket missed a known-malicious baseline while Gen over-flagged benign scripts.
**Procedure when a flag appears:** open
`skills.sh/<owner>/<pack>/<skill>/security/<scanner>` for the specific finding, then read
the installed skill files (typically `~/.agents/skills/<name>/`) checking for network
calls, obfuscation, credential access, and confirmation bypasses. Trust the file contents
and publisher reputation over the badge — in both directions: a "Safe" row is equally
weak evidence.