Thiernodcire/claude-skills-security
Working repo for analyzing the security implications of Claude skills: threat model, reviewer checklist, and annotated non-weaponized PoCs.
SUMMARY AI summary by gpt-5-mini
A working repository for analyzing the security implications of Claude Code “skills” and similar agent-loadable instruction bundles. It’s intended for developers, security reviewers, auditors, and operators who author, install, or evaluate skills and Agent SDK/MCP server bundles. Key points: - Documents concrete risks (e.g., skill description is trusted input injected into the agent prompt; skill bodies may include executable scripts; skills can chain with other tools; third‑party installs have low review friction). - Contains a threat model (THREAT_MODEL.md), annotated proof‑of‑concept skills demonstrating risky patterns, mitigations and a review checklist, and references. - Scope covers Claude Code, Claude Desktop/claude.ai, Agent SDK, and MCP-bundled skills; PoCs use safe payloads and the repo is an early, non-production workspace. License TBD.
DETECTED Detected AI stack
AI-related keywords found in this repo's description, topics, or README summary — grouped by category. Each badge links to the corresponding ranking detail page.
Owner
Dates
| Created on GitHub | 2026-05-12 |
| Last push | 2026-05-12 |
| First seen here | 2026-05-12 |
| Last fetched | 2026-05-12 16:13 |