medusa-security

This skill is a legitimate wrapper around a security scanner (Medusa) with supporting Node scripts to parse SARIF and produce structured findings. It requires installing and running third-party software and gives the agent shell and file write permissions; these are necessary for its functionality but introduce supply-chain and privilege risks. There are no explicit malicious behaviors, hardcoded attacker endpoints, or download-and-execute curl|bash patterns in the provided content. The main risks are: (1) executing a pip package and local node scripts from .claude (transitive code execution trust), (2) broad agent tooling (Bash, write/edit) that could be abused, and (3) potential leakage of sensitive contents in SARIF if uploaded. Recommend: review the medusa-security package provenance and lock its pinned version, audit the .claude Node scripts before execution, restrict agent permissions where possible (limit Bash/write), and sanitize or filter SARIF outputs before external upload.