The skill allows arbitrary file writes and
Claims to do
Brainstorming Ideas Into Designs: Help turn ideas into fully formed designs and specs through natural collaborative dialogue.
Actually does
This skill guides a structured brainstorming process, starting by exploring local project files, documentation, and recent commits. It asks clarifying questions, proposes design approaches, and presents a design, which it documents by writing to a markdown file (`docs/superpowers/specs/YYYY-MM-DD-<topic>-design.md`) and committing it to git. It then invokes the `writing-plans` skill and may offer a 'Visual Companion' that involves opening a local URL for visual aids.
The skill allows the agent to write design documents to a user-specified path, which could be abused to write to sensitive system locations if the agent has broad file system write permissions and user input is not properly sanitized.
(User preferences for spec location override this default)
The skill instructs the agent to open local URLs for visual companions, which could be exploited to trigger local file execution or access internal network resources if the underlying tool is not properly sandboxed.
Requires opening a local URL
The skill requires the agent to read project files, documentation, and recent commits, and to write and commit design documents, implying broad file system read/write and Git interaction capabilities.
check files, docs, recent commits