The skill enumerates sensitive environment variables and
Claims to do
Systematic Debugging: Random fixes waste time and create new bugs. Quick patches mask underlying issues.
Actually does
This skill provides a structured methodology for systematic debugging, outlining four phases: Root Cause Investigation, Pattern Analysis, Hypothesis and Testing, and Implementation. It instructs the user on how to approach debugging problems, including reading error messages, reproducing issues, checking changes, gathering evidence (with example bash commands like `echo`, `env`, `security`, `codesign`), tracing data flow, forming hypotheses, and implementing fixes. It does not execute any commands, access data, or interact with external services itself, but rather guides the user's debugging process.
The skill includes bash commands that enumerate environment variables and system keychains. This capability, while presented as diagnostic, can expose sensitive information like cryptographic identities or API keys, leading to potential credential harvesting.
```bash
echo "IDENTITY: ${IDENTITY:+SET}${IDENTITY:-UNSET}"
env | grep IDENTITY
security list-keychains
security find-identity -v
```

The skill demonstrates the use of the `codesign` command, which allows signing applications with a specified identity. While intended for debugging, this command could be misused to sign malicious code or for privilege escalation if the agent's environment is compromised.

```bash
codesign --sign "$IDENTITY" --verbose=4 "$APP"
```
The skill references other skills (`superpowers:test-driven-development`, `superpowers:verification-before-completion`) as supporting techniques. This creates a dependency chain where the security of this skill relies on the integrity of the referenced skills.
- superpowers:test-driven-development
- superpowers:verification-before-completion
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.