Got several news/alerts about the malware distributed via skills.sh and clawdhub. There are some that are pretty basic techniques and can be scan easily by static analysis. So I have created a special skill (opensource) to do a simple auditing before installing any new skill. Thought it would be useful to share here.
npx skills add https://github.com/Montimage/skills —skill skill-auditor Then just spin up your agent and provide github link of the skill that you want to install, it will:
- scan for any sensitive reading (credentials, etc)
- scan for any sensitive action: delete, etc
- and other … More detail you can read in the github link. You also can find some useful skills for handling some boring tasks in your project: documentation, testing, setup ci/cd. Happy Clauding!!! submitted by /u/luongnv-com
Originally posted by u/luongnv-com on r/ClaudeCode
You must log in or # to comment.