[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-c459dac5-4ff2-4e3a-8476-d921e63ea24c":3,"$fbCgQ4KraK8nlldMafuQK9M1W1fMmhGdG-6Rxf6WGxvM":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"c459dac5-4ff2-4e3a-8476-d921e63ea24c","audit-skills","Expert security auditor for AI skill packs and bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux\u002FUnix, and mobile devices (Android\u002FiOS).","cat_coding_review","mod_coding","sickn33,coding","---\nname: audit-skills\ndescription: \"Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux\u002FUnix, and Mobile (Android\u002FiOS).\"\ncategory: security\nrisk: safe\nsource: community\ndate_added: \"2026-03-07\"\nauthor: MAIOStudio\ntags: [security, audit, skills, bundles, cross-platform]\ntools: [claude, gemini, gpt, llama, mistral, etc]\n---\n\n\u003C!-- security-allowlist: curl-pipe-bash -->\n\n# Audit Skills (Premium Universal Security)\n\n## Overview\n\nExpert security auditor for AI Skills and Bundles. 
Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux\u002FUnix, and Mobile (Android\u002FiOS).\n\n## When to Use This Skill\n\n- Use when you need to audit AI skills and bundles for security vulnerabilities\n- Use when working with cross-platform security analysis\n- Use when the user asks about verifying skill legitimacy or performing security reviews\n- Use when scanning for mobile threats in AI skills\n\n## How It Works\n\n### Step 1: Static Analysis\n\nPerforms non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.\n\n### Step 2: Platform-Specific Threat Detection\n\nAnalyzes code for platform-specific security issues across Windows, macOS, Linux\u002FUnix, and Mobile (Android\u002FiOS).\n\n#### 1. Privilege, Ownership & Metadata Manipulation\n- **Elevated Access**: `sudo`, `chown`, `chmod`, `TakeOwnership`, `icacls`, `Set-ExecutionPolicy`.\n- **Metadata Tampering**: `touch -t`, `setfile` (macOS), `attrib` (Windows), `Set-ItemProperty`, `chflags`.\n- **Risk**: Unauthorized access, masking activity, or making files immutable.\n\n#### 2. File\u002FFolder Locking & Resource Denial\n- **Patterns**: `chmod 000`, `chattr +i` (immutable), `attrib +r +s +h`, `Deny` ACEs in `icacls`.\n- **Global Actions**: Locking or hiding folders in `%USERPROFILE%`, `\u002FUsers\u002F`, or `\u002Fetc\u002F`.\n- **Risk**: Denial of service or data locking.\n\n#### 3. Script Execution & Batch Invocation\n- **Legacy\u002FBatch Windows**: `.bat`, `.cmd`, `cmd.exe \u002Fc`, `vbs`, `cscript`, `wscript`.\n- **Unix Shell**: `.sh`, `.bash`, `.zsh`, `chmod +x` followed by execution.\n- **PowerShell**: `.ps1`, `powershell -ExecutionPolicy Bypass -File ...`.\n- **Hidden Flags**: `-WindowStyle Hidden`, `-w hidden`, `-noprofile`.\n\n#### 4. 
Dangerous Install\u002FUninstall & System Changes\n- **Windows**: `msiexec \u002Fqn`, `choco uninstall`, `reg delete`.\n- **Linux\u002FUnix**: `apt-get purge`, `yum remove`, `rm -rf \u002Fusr\u002Fbin\u002F...`.\n- **macOS**: `brew uninstall`, deleting from `\u002FApplications`.\n- **Risk**: Removing security software or creating unmonitored installation paths.\n\n#### 5. Mobile Application & OS Security (Android\u002FiOS)\n- **Android Tools**: `adb shell`, `pm install`, `am start`, `apktool`, `dex2jar`, `keytool`.\n- **Android Files**: Manipulation of `AndroidManifest.xml` (permissions), `classes.dex`, or `strings.xml`.\n- **iOS Tools**: `xcodebuild`, `codesign`, `security find-identity`, `fastlane`, `xcrun`.\n- **iOS Files**: Manipulation of `Info.plist`, `Entitlements.plist`, or `Provisioning Profiles`.\n- **Mobile Patterns**: Jailbreak\u002FRoot detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.\n- **Risk**: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.\n\n#### 6. Information Disclosure & Network Exfiltration\n- **Patterns**: `curl`, `wget`, `Invoke-WebRequest`, `Invoke-RestMethod`, `scp`, `ftp`, `nc`, `socat`.\n- **Sensitive Data**: `.env`, `.ssh`, `cookies.sqlite`, `Keychains` (macOS), `Credentials` (Windows), `keystore` (Android).\n- **Intranet**: Scanning internal IPs or mapping local services.\n\n#### 7. Service, Process & Stability Manipulation\n- **Windows**: `Stop-Service`, `taskkill \u002Ff`, `sc.exe delete`.\n- **Unix\u002FMac**: `kill -9`, `pkill`, `systemctl disable\u002Fstop`, `launchctl unload`.\n- **Low-level**: Direct disk access (`dd`), firmware\u002FBIOS calls, kernel module management.\n\n#### 8. Obfuscation & Persistence\n- **Encoding**: `Base64`, `Hex`, `XOR` loops, `atob()`.\n- **Persistence**: `reg add` (Run keys), `schtasks`, `crontab`, `launchctl` (macOS), `systemd` units.\n- **Pipes**: `curl ... 
| bash`, `iwr ... | iex`.\n\n#### 9. Legitimacy & Scope (Universal)\n- **Registry Alignment**: Cross-reference with `CATALOG.md`.\n- **Structural Integrity**: Does it follow the standard repo layout?\n- **Healthy Scope**: Does a \"UI Design\" skill need `adb shell` or `sudo`?\n\n### Step 3: Reporting\n\nGenerates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.\n\n## Examples\n\n### Example 1: Security Review\n\n```markdown\n\"Perform a security audit on this skill bundle\"\n```\n\n### Example 2: Cross-Platform Threat Analysis\n\n```markdown\n\"Scan for mobile threats in this AI skill\"\n```\n\n## Best Practices\n\n- ✅ Perform non-intrusive analysis\n- ✅ Check for privilege escalation patterns\n- ✅ Look for information disclosure vulnerabilities\n- ✅ Analyze cross-platform threats\n- ❌ Don't execute potentially malicious code during audit\n- ❌ Don't modify the code being audited\n- ❌ Don't ignore mobile-specific security concerns\n\n## Common Pitfalls\n\n- **Problem:** Executing code during audit\n  **Solution:** Stick to static analysis methods only\n\n- **Problem:** Missing cross-platform threats\n  **Solution:** Check for platform-specific security issues on all supported platforms\n\n- **Problem:** Failing to detect obfuscated payloads\n  **Solution:** Look for encoding patterns like Base64, Hex, XOR loops, and atob()\n\n## Related Skills\n\n- `@security-scanner` - Additional security scanning capabilities\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,233,839,"2026-05-16 
13:04:27",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Programming & Development","coding","mdi-code-braces","Code generation, debugging, and review to improve development efficiency",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Code Review","review","mdi-magnify-scan","Code quality analysis and security review",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"3f0448a6-16b1-4fd2-8952-4eb9e0f01a31","1.0.0","audit-skills.zip",2831,"uploads\u002Fskills\u002Fc459dac5-4ff2-4e3a-8476-d921e63ea24c\u002Faudit-skills.zip","609e94830e1f23ec84b7dced5a690b5305bf975f396e44690fb7b3875d0308f3","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":6195}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]