feat skill-install install script and security scan

skills/skill-install/SKILL.md

@@ -0,0 +1,167 @@
+---
+name: skill-install
+description: Install Claude skills from GitHub repositories with automated security scanning. Triggers when users want to install skills from a GitHub URL, need to browse available skills in a repository, or want to safely add new skills to their Claude environment.
+---
+
+# Skill Install
+
+## Overview
+
+Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.
+
+## When to Use
+
+Trigger this skill when the user:
+- Provides a GitHub repository URL and wants to install skills
+- Asks to "install skills from GitHub"
+- Wants to browse and select skills from a repository
+- Needs to add new skills to their Claude environment
+
+## Workflow
+
+### Step 1: Parse GitHub URL
+
+Accept a GitHub repository URL from the user. The URL should point to a repository containing a `skills/` directory.
+
+Supported URL formats:
+- `https://github.com/user/repo`
+- `https://github.com/user/repo/tree/main/skills`
+- `https://github.com/user/repo/tree/branch-name/skills`
+
+Extract:
+- Repository owner
+- Repository name
+- Branch (default to `main` if not specified)
+
+### Step 2: Fetch Skills List
+
+Use the WebFetch tool to retrieve the skills directory listing from GitHub.
+
+GitHub API endpoint pattern:
+```
+https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}
+```
+
+Parse the response to extract:
+- Skill directory names
+- Each skill should be a subdirectory containing a SKILL.md file
+
+### Step 3: Present Skills to User
+
+Use the AskUserQuestion tool to let the user select which skills to install.
+
+Set `multiSelect: true` to allow multiple selections.
+
+Present each skill with:
+- Skill name (directory name)
+- Brief description (if available from SKILL.md frontmatter)
+
+### Step 4: Fetch Skill Content
+
+For each selected skill, fetch all files in the skill directory:
+
+1. Get the file tree for the skill directory
+2. Download all files (SKILL.md, scripts/, references/, assets/)
+3. Store the complete skill content for security analysis
+
+Use WebFetch with GitHub API:
+```
+https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}
+```
+
+For each file, fetch the raw content:
+```
+https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}
+```
+
+### Step 5: Security Scan
+
+**CRITICAL:** Before installation, perform a thorough security analysis of each skill.
+
+Read the security scan prompt template from `references/security_scan_prompt.md` and apply it to analyze the skill content.
+
+Examine for:
+1. **Malicious Command Execution** - eval, exec, subprocess with shell=True
+2. **Backdoor Detection** - obfuscated code, suspicious network requests
+3. **Credential Theft** - accessing ~/.ssh, ~/.aws, environment variables
+4. **Unauthorized Network Access** - external requests to suspicious domains
+5. **File System Abuse** - destructive operations, unauthorized writes
+6. **Privilege Escalation** - sudo attempts, system modifications
+7. **Supply Chain Attacks** - suspicious package installations
+
+Output the security analysis with:
+- Security Status: SAFE / WARNING / DANGEROUS
+- Risk Level: LOW / MEDIUM / HIGH / CRITICAL
+- Detailed findings with file locations and severity
+- Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT
+
+### Step 6: User Decision
+
+Based on the security scan results:
+
+**If SAFE (APPROVE):**
+- Proceed directly to installation
+
+**If WARNING (APPROVE_WITH_WARNINGS):**
+- Display the security warnings to the user
+- Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?"
+- Options: "Yes, install anyway" / "No, skip this skill"
+
+**If DANGEROUS (REJECT):**
+- Display the critical security issues
+- Refuse to install
+- Explain why the skill is dangerous
+- Do NOT provide an option to override for CRITICAL severity issues
+
+### Step 7: Install Skills
+
+For approved skills, install to `~/.claude/skills/`:
+
+1. Create the skill directory: `~/.claude/skills/{skill_name}/`
+2. Write all skill files maintaining the directory structure
+3. Ensure proper file permissions (executable for scripts)
+4. Verify SKILL.md exists and has valid frontmatter
+
+Use the Write tool to create files.
+
+### Step 8: Confirmation
+
+After installation, provide a summary:
+- List of successfully installed skills
+- List of skipped skills (if any) with reasons
+- Location: `~/.claude/skills/`
+- Next steps: "The skills are now available. Restart Claude or use them directly."
+
+## Example Usage
+
+**User:** "Install skills from https://github.com/example/claude-skills"
+
+**Assistant:**
+1. Fetches skills list from the repository
+2. Presents available skills: "skill-a", "skill-b", "skill-c"
+3. User selects "skill-a" and "skill-b"
+4. Performs security scan on each skill
+5. skill-a: SAFE - proceeds to install
+6. skill-b: WARNING (makes HTTP request) - asks user for confirmation
+7. Installs approved skills to ~/.claude/skills/
+8. Confirms: "Successfully installed: skill-a, skill-b"
+
+## Security Notes
+
+- **Never skip security scanning** - Always analyze skills before installation
+- **Be conservative** - When in doubt, flag as WARNING and let user decide
+- **Critical issues are blocking** - CRITICAL severity findings cannot be overridden
+- **Transparency** - Always show users what was found during security scans
+- **Sandboxing** - Remind users that skills run with Claude's permissions
+
+## Resources
+
+### references/security_scan_prompt.md
+
+Contains the detailed security analysis prompt template with:
+- Complete list of security categories to check
+- Output format requirements
+- Example analyses for safe, suspicious, and dangerous skills
+- Decision criteria for APPROVE/REJECT recommendations
+
+Load this file when performing security scans to ensure comprehensive analysis.

skills/skill-install/references/security_scan_prompt.md

@@ -0,0 +1,137 @@
+# Security Scan Prompt for Skills
+
+Use this prompt template to analyze skill content for security vulnerabilities before installation.
+
+## Prompt Template
+
+```
+You are a security expert analyzing a Claude skill for potential security risks.
+
+Analyze the following skill content for security vulnerabilities:
+
+**Skill Name:** {skill_name}
+**Skill Content:**
+{skill_content}
+
+## Security Analysis Criteria
+
+Examine the skill for the following security concerns:
+
+### 1. Malicious Command Execution
+- Detect `eval()`, `exec()`, `subprocess` with `shell=True`
+- Identify arbitrary code execution patterns
+- Check for command injection vulnerabilities
+
+### 2. Backdoor Detection
+- Look for obfuscated code (base64, hex encoding)
+- Identify suspicious network requests to unknown domains
+- Detect file hash patterns matching known malware
+- Check for hidden data exfiltration mechanisms
+
+### 3. Credential Theft
+- Detect attempts to access environment variables containing secrets
+- Identify file operations on sensitive paths (~/.ssh, ~/.aws, ~/.netrc)
+- Check for credential harvesting patterns
+- Look for keylogging or clipboard monitoring
+
+### 4. Unauthorized Network Access
+- Identify external network requests
+- Check for connections to suspicious domains (pastebin, ngrok, bit.ly, etc.)
+- Detect data exfiltration via HTTP/HTTPS
+- Look for reverse shell patterns
+
+### 5. File System Abuse
+- Detect destructive file operations (rm -rf, shutil.rmtree)
+- Identify unauthorized file writes to system directories
+- Check for file permission modifications
+- Look for attempts to modify critical system files
+
+### 6. Privilege Escalation
+- Detect sudo or privilege escalation attempts
+- Identify attempts to modify system configurations
+- Check for container escape patterns
+
+### 7. Supply Chain Attacks
+- Identify suspicious package installations
+- Detect dynamic imports from untrusted sources
+- Check for dependency confusion attacks
+
+## Output Format
+
+Provide your analysis in the following format:
+
+**Security Status:** [SAFE / WARNING / DANGEROUS]
+
+**Risk Level:** [LOW / MEDIUM / HIGH / CRITICAL]
+
+**Findings:**
+1. [Category]: [Description]
+   - File: [filename:line_number]
+   - Severity: [LOW/MEDIUM/HIGH/CRITICAL]
+   - Details: [Explanation]
+   - Recommendation: [How to fix or mitigate]
+
+**Summary:**
+[Brief summary of the security assessment]
+
+**Recommendation:**
+[APPROVE / REJECT / APPROVE_WITH_WARNINGS]
+
+## Decision Criteria
+
+- **APPROVE**: No security issues found, safe to install
+- **APPROVE_WITH_WARNINGS**: Minor concerns but generally safe, user should be aware
+- **REJECT**: Critical security issues found, do not install
+
+Be thorough but avoid false positives. Consider the context and legitimate use cases.
+```
+
+## Example Analysis
+
+### Safe Skill Example
+
+```
+**Security Status:** SAFE
+**Risk Level:** LOW
+**Findings:** None
+**Summary:** The skill contains only documentation and safe tool usage instructions. No executable code or suspicious patterns detected.
+**Recommendation:** APPROVE
+```
+
+### Suspicious Skill Example
+
+```
+**Security Status:** WARNING
+**Risk Level:** MEDIUM
+**Findings:**
+1. [Network Access]: External HTTP request detected
+   - File: scripts/helper.py:42
+   - Severity: MEDIUM
+   - Details: Script makes HTTP request to api.example.com without user consent
+   - Recommendation: Review the API endpoint and ensure it's legitimate
+
+**Summary:** The skill makes external network requests that should be reviewed.
+**Recommendation:** APPROVE_WITH_WARNINGS
+```
+
+### Dangerous Skill Example
+
+```
+**Security Status:** DANGEROUS
+**Risk Level:** CRITICAL
+**Findings:**
+1. [Command Injection]: Arbitrary command execution detected
+   - File: scripts/malicious.py:15
+   - Severity: CRITICAL
+   - Details: Uses subprocess.call() with shell=True and unsanitized input
+   - Recommendation: Do not install this skill
+
+2. [Data Exfiltration]: Suspicious network request
+   - File: scripts/malicious.py:28
+   - Severity: HIGH
+   - Details: Sends data to pastebin.com without user knowledge
+   - Recommendation: This appears to be a data exfiltration attempt
+
+**Summary:** This skill contains critical security vulnerabilities including command injection and data exfiltration. It appears to be malicious.
+**Recommendation:** REJECT
+```