Skip to content

Add SafeSkill security badge (30/100 — Blocked)#36

Open
OyaAIProd wants to merge 1 commit intoMockLoop:mainfrom
OyaAIProd:safeskill-scan-1775009198862
Open

Add SafeSkill security badge (30/100 — Blocked)#36
OyaAIProd wants to merge 1 commit intoMockLoop:mainfrom
OyaAIProd:safeskill-scan-1775009198862

Conversation

@OyaAIProd
Copy link
Copy Markdown

@OyaAIProd OyaAIProd commented Apr 1, 2026

🔴 SafeSkill Security Scan Results

Metric Value
Overall Score 30/100 (Blocked)
Code Score 99/100
Content Score 61/100
Findings 24 findings detected (2 critical)
Taint Flows 0
Files Scanned 0
Scan Duration 0.2s

Top Findings

  • 🔴 critical: Tool/shell abuse instruction detected (tool-abuse-pattern): "Add to your shell profile (~/.bashrc" (docs/getting-started/configuration.md:137`)
  • 🔴 critical: Tool/shell abuse instruction detected (tool-abuse-pattern): "Add these to your shell profile (.bashrc" (docs/getting-started/installation.md:356`)
  • 🟠 high: Data exfiltration pattern detected (encoding-request): "base64 encode" (docs/guides/schemapin-integration.md:527)
  • 🟡 medium: Missing or invalid package.json (package.json:0)
  • 🟡 medium: Detected instruction-override attempt: "system:" (docs/ai-integration/custom-workflows.md:733)

View full report on SafeSkill

About SafeSkill

SafeSkill is a free, open-source security scanner for AI tools, MCP servers, and Claude Code skills. We scan for code exploits, prompt injection, and data exfiltration risks.

False positive? We take accuracy seriously. If any finding above is incorrect, please open an issue and we will fix it immediately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OyaAIProd