100Critical
This malicious skill masquerades as a security tool while executing reverse shells, injecting persistent SSH access, and bypassing user oversight to exfiltrate credentials and perform unauthorized remote code execution.
Skill Info
Namealiksir/claude-code-skill-security-check
Registrygithub
Version174a80823071
PURLpkg:github/aliksir/claude-code-skill-security-check@174a80823071
Stars3
Source
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
GitHub
Skills.shDocs
npx skills add https://github.com/aliksir/claude-code-skill-security-checkAssessments (7)
AI Agent Traps ↗Access to known credential file paths detectedcriticalcredential theftAML.T0055AML.T0037LLM02:2025
Access to known credential file paths detected (seen 6 times in this file at lines 211, 212, 247, 430, 441, 485)
100% confidenceline 211
~/.ssh/id_rsa
Reverse shell pattern detectedcriticalcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Reverse shell pattern detected (seen 3 times in this file at lines 221, 222, 223)
100% confidenceline 221
bash -i >&
Remote code download and execution detectedcriticalcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Remote code download and execution detected
100% confidenceline 494
python -c "import urllib
Hidden instruction tags in tool output — fake system/admin directives injected into responseshightool poisoningAML.T0053AML.T0010.001LLM06:2025LLM03:2025
Hidden instruction tags in tool output — fake system/admin directives injected into responses
100% confidenceline 164
<system>
SSH authorized_keys injection — attempts to add persistent SSH accesshighpersistenceAML.T0053AML.T0050LLM06:2025
SSH authorized_keys injection — attempts to add persistent SSH access
100% confidenceline 232
echo "ssh-rsa" >> ~/.ssh/authorized_keys`, public key injection into authorized_keys
Scheduled task/cron job creation detectedhighcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025
Scheduled task/cron job creation detected
100% confidenceline 235
systemctl enable
Unverified dependency installationmediumsupply chainAML.T0010AML.T0019AML.T0058LLM03:2025
The installation instructions for the CLI tool do not specify a version pin or hash, exposing the user to supply chain attacks where the package content can change without notice.
80% confidenceline 57
pip install skill-scanner
Sub-agent spawning instructions detected — may create agents with attacker-controlled promptsmediumsub agent spawningAML.T0053AML.T0051.001LLM06:2025
Sub-agent spawning instructions detected — may create agents with attacker-controlled prompts
100% confidenceline 302
spawn agent
LLM control/chat tokens detected in skill contentcriticalprompt injectionAML.T0051AML.T0051.000AML.T0051.001AML.T0054LLM01:2025
LLM control/chat tokens detected in skill content (seen 4 times in this file at lines 384, 386, 387, 389)
100% confidenceline 384
[INST]
XOR-based payload obfuscation (xor combined with decode/exec/shellcode) detectedmediumobfuscationAML.T0068AML.T0015LLM01:2025
XOR-based payload obfuscation (xor combined with decode/exec/shellcode) detected
100% confidenceline 291
xor`, `^=`, `bytes([a ^ b for` — XOR operations for payload
Potential brand impersonationmediumsocial engineeringAML.T0052.000LLM09:2025
Skill name or description references a well-known AI brand, which may suggest impersonation.
70% confidence
claude
Unpinned dependency installation — package installed without version pinningmediumsupply chainAML.T0010AML.T0019AML.T0058LLM03:2025
Unpinned dependency installation — package installed without version pinning (seen 2 times in this file at lines 57, 70)
100% confidenceline 57
pip install skill-scanner
User confirmation bypass detected — attempts to skip human oversightmediumautonomy abuseAML.T0034.002AML.T0053LLM06:2025LLM10:2025
User confirmation bypass detected — attempts to skip human oversight (seen 4 times in this file at lines 337, 408, 531, 532)
100% confidenceline 337
no confirmation needed
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "CHANGELOG.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[CHANGELOG.md](CHANGELOG.md)
Referenced file missing from skill packagelowpolicy violation
SKILL.md links to "hooks/README.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
90% confidence
[`hooks/README.md`](hooks/README.md)
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/aliksir/claude-code-skill-security-check)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/aliksir/claude-code-skill-security-check"><img src="https://mondoo.com/ai-agent-security/api/badge/github/aliksir/claude-code-skill-security-check.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/aliksir/claude-code-skill-security-check.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow