First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
5
Score
92/100
Findings (5)
Section claims authority and urgency with dangerous instructions
skills
/
jezweb
/
claude-skills
/
open-source-contributions
open-source-contributions
$
npx skills add https://github.com/jezweb/claude-skills --skill open-source-contributions
SKILL.md
Open Source Co...Remove false authority claims (e.g., claiming administrator or root-level access) from tool descriptions. Tool descriptions should describe capabilities, not claim elevated roles.
Likely FP if the matched text is documentation explaining role-based access control concepts or describing user personas, not impersonating a system role.
Detects execution of shell script files via bash/sh command or direct invocation
./scripts/pre-pr-check.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./scripts/clean-branch.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./scripts/pre-pr-check.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.
Detects execution of shell script files via bash/sh command or direct invocation
./scripts/pre-pr-check.shReplace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.
Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.