Skills from clawhub.ai/itsnishi

This skill scans a skill directory for injection, obfuscation, and exfiltration patterns and outputs a structured markdown report. It instructs running `python3 "$SKILL_DIR/scripts/scan_skill.py" "$ARGUMENTS"` and its frontmatter pre-approves `Bash` via `allowed-tools`, enabling local shell execution.

This skill is a repository security auditor that scans source code for hardcoded secrets, dangerous calls, and file-permission issues. It directs running `python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"` and the included script reads `target_path.rglob(".env*")` and calls `env_file.read_text(...)` to inspect `.env` files.

This skill scans repository agent configuration files (`.claude/`, `.mcp.json`, `CLAUDE.md`) for malicious patterns and emits a structured report. It instructs running `python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"` (local shell execution); no external network calls or secret exfiltration are instructed.