Skills
skills/sickn33/antigravity-awesome-skills/audit-skills

audit-skills

SKILL.md

Audit Skills (Premium Universal Security)

Overview

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS). 2-4 sentences is perfect.

When to Use This Skill

  • Use when you need to audit AI skills and bundles for security vulnerabilities
  • Use when working with cross-platform security analysis
  • Use when the user asks about verifying skill legitimacy or performing security reviews
  • Use when scanning for mobile threats in AI skills

How It Works

Step 1: Static Analysis

Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads.

Step 2: Platform-Specific Threat Detection

Analyzes code for platform-specific security issues across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

1. Privilege, Ownership & Metadata Manipulation

  • Elevated Access: sudo, chown, chmod, TakeOwnership, icacls, Set-ExecutionPolicy.
  • Metadata Tampering: touch -t, setfile (macOS), attrib (Windows), Set-ItemProperty, chflags.
  • Risk: Unauthorized access, masking activity, or making files immutable.

2. File/Folder Locking & Resource Denial

  • Patterns: chmod 000, chattr +i (immutable), attrib +r +s +h, Deny ACEs in icacls.
  • Global Actions: Locking or hiding folders in %USERPROFILE%, /Users/, or /etc/.
  • Risk: Denial of service or data locking.

3. Script Execution & Batch Invocation

  • Legacy/Batch Windows: .bat, .cmd, cmd.exe /c, vbs, cscript, wscript.
  • Unix Shell: .sh, .bash, .zsh, chmod +x followed by execution.
  • PowerShell: .ps1, powershell -ExecutionPolicy Bypass -File ....
  • Hidden Flags: -WindowStyle Hidden, -w hidden, -noprofile.

4. Dangerous Install/Uninstall & System Changes

  • Windows: msiexec /qn, choco uninstall, reg delete.
  • Linux/Unix: apt-get purge, yum remove, rm -rf /usr/bin/....
  • macOS: brew uninstall, deleting from /Applications.
  • Risk: Removing security software or creating unmonitored installation paths.

5. Mobile Application & OS Security (Android/iOS)

  • Android Tools: adb shell, pm install, am start, apktool, dex2jar, keytool.
  • Android Files: Manipulation of AndroidManifest.xml (permissions), classes.dex, or strings.xml.
  • iOS Tools: xcodebuild, codesign, security find-identity, fastlane, xcrun.
  • iOS Files: Manipulation of Info.plist, Entitlements.plist, or Provisioning Profiles.
  • Mobile Patterns: Jailbreak/Root detection bypasses, hardcoded API keys in mobile source, or sensitive permission requests (Camera, GPS, Contacts) in non-mobile skills.
  • Risk: Malicious mobile package injection, credential theft from mobile builds, or device manipulation via ADB.

6. Information Disclosure & Network Exfiltration

  • Patterns: curl, wget, Invoke-WebRequest, Invoke-RestMethod, scp, ftp, nc, socat.
  • Sensible Data: .env, .ssh, cookies.sqlite, Keychains (macOS), Credentials (Windows), keystore (Android).
  • Intranet: Scanning internal IPs or mapping local services.

7. Service, Process & Stability Manipulation

  • Windows: Stop-Service, taskkill /f, sc.exe delete.
  • Unix/Mac: kill -9, pkill, systemctl disable/stop, launchctl unload.
  • Low-level: Direct disk access (dd), firmware/BIOS calls, kernel module management.

8. Obfuscation & Persistence

  • Encoding: Base64, Hex, XOR loops, atob().
  • Persistence: reg add (Run keys), schtasks, crontab, launchctl (macOS), systemd units.
  • Tubes: curl ... | bash, iwr ... | iex.

9. Legitimacy & Scope (Universal)

  • Registry Alignment: Cross-reference with CATALOG.md.
  • Structural Integrity: Does it follow the standard repo layout?
  • Healthy Scope: Does a "UI Design" skill need adb shell or sudo?

Step 3: Reporting

Generates a security report with a score (0-10), platform target identification, flagged actions, threat analysis, and mitigation recommendations.

Examples

Example 1: Security Review

"Perform a security audit on this skill bundle"

Example 2: Cross-Platform Threat Analysis

"Scan for mobile threats in this AI skill"

Best Practices

  • ✅ Perform non-intrusive analysis
  • ✅ Check for privilege escalation patterns
  • ✅ Look for information disclosure vulnerabilities
  • ✅ Analyze cross-platform threats
  • ❌ Don't execute potentially malicious code during audit
  • ❌ Don't modify the code being audited
  • ❌ Don't ignore mobile-specific security concerns

Common Pitfalls

  • Problem: Executing code during audit Solution: Stick to static analysis methods only

  • Problem: Missing cross-platform threats Solution: Check for platform-specific security issues on all supported platforms

  • Problem: Failing to detect obfuscated payloads Solution: Look for encoding patterns like Base64, Hex, XOR loops, and atob()

Related Skills

  • @security-scanner - Additional security scanning capabilities
Weekly Installs
13
Repository
sickn33/antigra…e-skills
GitHub Stars
24.6K
First Seen
7 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
opencode13
kimi-cli12
gemini-cli12
amp12
cline12
github-copilot12