port-allocator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill's `/port-allocator allow` command instructs the agent to modify its own `~/.claude/settings.json` file to whitelist high-risk command patterns. Specifically, whitelisting `Bash(cat ~/.claude/*)` grants the agent the ability to read all sensitive configuration, history, and potentially stored secrets within the Claude home directory without prompting the user.
- [Persistence] (MEDIUM): The skill updates `~/.claude/CLAUDE.md`, which is a global instruction file for the AI agent. This allows the skill to persist its rules and influence the agent's behavior across different project contexts and sessions.
- [Command Execution] (MEDIUM): The skill encourages the use of `kill -9` on system processes identified by port. Combined with the attempt to automate command permissions, this poses a risk of unintended service disruption or misuse of process management capabilities.
Recommendations
- AI detected serious security threats