cexll/myclaude
1
0
Fork 0
mirror of https://github.com/cexll/myclaude.git synced 2026-02-05 02:30:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat skill-install install script and security scan

Browse Source
This commit is contained in:
cexll
2026-01-05 21:02:07 +08:00
parent b81953a1d7
commit cf93a0ada9
2 changed files with 304 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
skills/skill-install/SKILL.md Normal file
View File

@@ -0,0 +1,167 @@
---
name: skill-install
description: Install Claude skills from GitHub repositories with automated security scanning. Triggers when users want to install skills from a GitHub URL, need to browse available skills in a repository, or want to safely add new skills to their Claude environment.
---
# Skill Install
## Overview
Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.
## When to Use
Trigger this skill when the user:
- Provides a GitHub repository URL and wants to install skills
- Asks to "install skills from GitHub"
- Wants to browse and select skills from a repository
- Needs to add new skills to their Claude environment
## Workflow
### Step 1: Parse GitHub URL
Accept a GitHub repository URL from the user. The URL should point to a repository containing a `skills/` directory.
Supported URL formats:
- `https://github.com/user/repo`
- `https://github.com/user/repo/tree/main/skills`
- `https://github.com/user/repo/tree/branch-name/skills`
Extract:
- Repository owner
- Repository name
- Branch (default to `main` if not specified)
### Step 2: Fetch Skills List
Use the WebFetch tool to retrieve the skills directory listing from GitHub.
GitHub API endpoint pattern:
```
https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}
```
Parse the response to extract:
- Skill directory names
- Each skill should be a subdirectory containing a SKILL.md file
### Step 3: Present Skills to User
Use the AskUserQuestion tool to let the user select which skills to install.
Set `multiSelect: true` to allow multiple selections.
Present each skill with:
- Skill name (directory name)
- Brief description (if available from SKILL.md frontmatter)
### Step 4: Fetch Skill Content
For each selected skill, fetch all files in the skill directory:
1. Get the file tree for the skill directory
2. Download all files (SKILL.md, scripts/, references/, assets/)
3. Store the complete skill content for security analysis
Use WebFetch with GitHub API:
```
https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}
```
For each file, fetch the raw content:
```
https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}
```
### Step 5: Security Scan
**CRITICAL:** Before installation, perform a thorough security analysis of each skill.
Read the security scan prompt template from `references/security_scan_prompt.md` and apply it to analyze the skill content.
Examine for:
1. **Malicious Command Execution** - eval, exec, subprocess with shell=True
2. **Backdoor Detection** - obfuscated code, suspicious network requests
3. **Credential Theft** - accessing ~/.ssh, ~/.aws, environment variables
4. **Unauthorized Network Access** - external requests to suspicious domains
5. **File System Abuse** - destructive operations, unauthorized writes
6. **Privilege Escalation** - sudo attempts, system modifications
7. **Supply Chain Attacks** - suspicious package installations
Output the security analysis with:
- Security Status: SAFE / WARNING / DANGEROUS
- Risk Level: LOW / MEDIUM / HIGH / CRITICAL
- Detailed findings with file locations and severity
- Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT
### Step 6: User Decision
Based on the security scan results:
**If SAFE (APPROVE):**
- Proceed directly to installation
**If WARNING (APPROVE_WITH_WARNINGS):**
- Display the security warnings to the user
- Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?"
- Options: "Yes, install anyway" / "No, skip this skill"
**If DANGEROUS (REJECT):**
- Display the critical security issues
- Refuse to install
- Explain why the skill is dangerous
- Do NOT provide an option to override for CRITICAL severity issues
### Step 7: Install Skills
For approved skills, install to `~/.claude/skills/`:
1. Create the skill directory: `~/.claude/skills/{skill_name}/`
2. Write all skill files maintaining the directory structure
3. Ensure proper file permissions (executable for scripts)
4. Verify SKILL.md exists and has valid frontmatter
Use the Write tool to create files.
### Step 8: Confirmation
After installation, provide a summary:
- List of successfully installed skills
- List of skipped skills (if any) with reasons
- Location: `~/.claude/skills/`
- Next steps: "The skills are now available. Restart Claude or use them directly."
## Example Usage
**User:** "Install skills from https://github.com/example/claude-skills"
**Assistant:**
1. Fetches skills list from the repository
2. Presents available skills: "skill-a", "skill-b", "skill-c"
3. User selects "skill-a" and "skill-b"
4. Performs security scan on each skill
5. skill-a: SAFE - proceeds to install
6. skill-b: WARNING (makes HTTP request) - asks user for confirmation
7. Installs approved skills to ~/.claude/skills/
8. Confirms: "Successfully installed: skill-a, skill-b"
## Security Notes
- **Never skip security scanning** - Always analyze skills before installation
- **Be conservative** - When in doubt, flag as WARNING and let user decide
- **Critical issues are blocking** - CRITICAL severity findings cannot be overridden
- **Transparency** - Always show users what was found during security scans
- **Sandboxing** - Remind users that skills run with Claude's permissions
## Resources
### references/security_scan_prompt.md
Contains the detailed security analysis prompt template with:
- Complete list of security categories to check
- Output format requirements
- Example analyses for safe, suspicious, and dangerous skills
- Decision criteria for APPROVE/REJECT recommendations
Load this file when performing security scans to ensure comprehensive analysis.

137
skills/skill-install/references/security_scan_prompt.md Normal file
View File

@@ -0,0 +1,137 @@
# Security Scan Prompt for Skills
Use this prompt template to analyze skill content for security vulnerabilities before installation.
## Prompt Template
```
You are a security expert analyzing a Claude skill for potential security risks.
Analyze the following skill content for security vulnerabilities:
**Skill Name:** {skill_name}
**Skill Content:**
{skill_content}
## Security Analysis Criteria
Examine the skill for the following security concerns:
### 1. Malicious Command Execution
- Detect `eval()`, `exec()`, `subprocess` with `shell=True`
- Identify arbitrary code execution patterns
- Check for command injection vulnerabilities
### 2. Backdoor Detection
- Look for obfuscated code (base64, hex encoding)
- Identify suspicious network requests to unknown domains
- Detect file hash patterns matching known malware
- Check for hidden data exfiltration mechanisms
### 3. Credential Theft
- Detect attempts to access environment variables containing secrets
- Identify file operations on sensitive paths (~/.ssh, ~/.aws, ~/.netrc)
- Check for credential harvesting patterns
- Look for keylogging or clipboard monitoring
### 4. Unauthorized Network Access
- Identify external network requests
- Check for connections to suspicious domains (pastebin, ngrok, bit.ly, etc.)
- Detect data exfiltration via HTTP/HTTPS
- Look for reverse shell patterns
### 5. File System Abuse
- Detect destructive file operations (rm -rf, shutil.rmtree)
- Identify unauthorized file writes to system directories
- Check for file permission modifications
- Look for attempts to modify critical system files
### 6. Privilege Escalation
- Detect sudo or privilege escalation attempts
- Identify attempts to modify system configurations
- Check for container escape patterns
### 7. Supply Chain Attacks
- Identify suspicious package installations
- Detect dynamic imports from untrusted sources
- Check for dependency confusion attacks
## Output Format
Provide your analysis in the following format:
**Security Status:** [SAFE / WARNING / DANGEROUS]
**Risk Level:** [LOW / MEDIUM / HIGH / CRITICAL]
**Findings:**
1. [Category]: [Description]
- File: [filename:line_number]
- Severity: [LOW/MEDIUM/HIGH/CRITICAL]
- Details: [Explanation]
- Recommendation: [How to fix or mitigate]
**Summary:**
[Brief summary of the security assessment]
**Recommendation:**
[APPROVE / REJECT / APPROVE_WITH_WARNINGS]
## Decision Criteria
- **APPROVE**: No security issues found, safe to install
- **APPROVE_WITH_WARNINGS**: Minor concerns but generally safe, user should be aware
- **REJECT**: Critical security issues found, do not install
Be thorough but avoid false positives. Consider the context and legitimate use cases.
```
## Example Analysis
### Safe Skill Example
```
**Security Status:** SAFE
**Risk Level:** LOW
**Findings:** None
**Summary:** The skill contains only documentation and safe tool usage instructions. No executable code or suspicious patterns detected.
**Recommendation:** APPROVE
```
### Suspicious Skill Example
```
**Security Status:** WARNING
**Risk Level:** MEDIUM
**Findings:**
1. [Network Access]: External HTTP request detected
- File: scripts/helper.py:42
- Severity: MEDIUM
- Details: Script makes HTTP request to api.example.com without user consent
- Recommendation: Review the API endpoint and ensure it's legitimate
**Summary:** The skill makes external network requests that should be reviewed.
**Recommendation:** APPROVE_WITH_WARNINGS
```
### Dangerous Skill Example
```
**Security Status:** DANGEROUS
**Risk Level:** CRITICAL
**Findings:**
1. [Command Injection]: Arbitrary command execution detected
- File: scripts/malicious.py:15
- Severity: CRITICAL
- Details: Uses subprocess.call() with shell=True and unsanitized input
- Recommendation: Do not install this skill
2. [Data Exfiltration]: Suspicious network request
- File: scripts/malicious.py:28
- Severity: HIGH
- Details: Sends data to pastebin.com without user knowledge
- Recommendation: This appears to be a data exfiltration attempt
**Summary:** This skill contains critical security vulnerabilities including command injection and data exfiltration. It appears to be malicious.
**Recommendation:** REJECT
```