SkillAudit

Public audits

Six-axis grades on Claude skills & MCP servers.

Every report card is produced by the SkillAudit v0.3 engine — six static checks plus an LLM-assisted prompt-injection probe. v0.3 introduces surface tiering: findings in examples/, samples/, benchmarks/, top-level scripts/, and .claude-plugin/install* deduct at lower weight than runtime tool surface, so a chatty benchmarks directory can't tank an otherwise-clean MCP. Real findings from a real scan, not a canned demo. If your repo is in the list and something looks wrong, the contact channel is open.

Methodology

Each report is produced by cloning the repo at its default branch, walking all .js / .ts / .py sources (tests and build artifacts weighted separately), and running six static checks:

  1. SSRF — HTTP client calls with user-controlled or templated URLs, no allowlist validation
  2. Command execexec/shell=True/os.system with interpolated strings
  3. Credentials — log/error sinks of process.env, hardcoded tokens by known prefix (AKIA, ghp_, sk-, …)
  4. Permissions — read-only named tools whose handler body contains a write/exec sink
  5. Maintenance — GitHub API for last-push, releases, archived, open-issue count
  6. Docs — README + install/usage sections, LICENSE, SECURITY.md, manifest repository field

Plus: LLM-assisted prompt-injection probe

v0.2 added a 7th check — the axis mechanical regex can't reach. We extract every server.tool(…) / @app.tool registration with ~60 lines of handler body, hand the bundle to Claude Haiku 4.5 with a red-team system prompt, and ask for structured findings on untrusted-content flow (web fetches, file reads, ticket bodies) into tool responses. One API call per repo, ~$0.02 per scan, with a bounded input cap. Findings roll up under the Security axis. If no API key is configured the probe gracefully skips and the static grade is still produced — this is why some reports below show a skipped line in the header.

Engine source is in the repo at product-api/audit/. The output for each target above is deterministic given the same commit; score deductions, severity weights, and grade buckets are in product-api/audit/report.js.

Want your repo audited next?

First 100 audits go to waitlist signups in order.

Join the waitlist →