First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
8
Score
70/100
Findings (8)
Detects skills that write or promote content into agent instruction files
Promote to `CLAUDE.mdRemove or restrict the skill's ability to modify CLAUDE.md or agent configuration files. Self-modifying agent configurations can be exploited for persistent attacks.
Likely FP if the skill is a project management tool where updating CLAUDE.md is an intended workflow feature (e.g., appending project notes), though the risk remains.
Detects skills that write or promote content into agent instruction files
promote to CLAUDE.md or .github/copilot-instructionsRemove or restrict the skill's ability to modify CLAUDE.md or agent configuration files. Self-modifying agent configurations can be exploited for persistent attacks.
Likely FP if the skill is a project management tool where updating CLAUDE.md is an intended workflow feature (e.g., appending project notes), though the risk remains.
Detects execution of shell script files via bash/sh command or direct invocation
./skills/self-improvement/scripts/activator.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./skills/self-improvement/scripts/activator.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./skills/self-improvement/scripts/error-detector.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
bash
./skills/self-improvement/scripts/extract-skill.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./skills/self-improvement/scripts/extract-skill.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./skills/self-improvement/scripts/extract-skill.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.