Audit History

📁 Filesystem access (1)

SKILL.md:29-34 SKILL.md:105-120

Audit version 3

Low Risk

Jan 17, 2026, 07:27 AM

After evaluating all static findings, this skill is a legitimate code review tool. The detected patterns are false positives - the skill uses GitHub CLI for standard PR operations, network access is limited to GitHub API, and credential access is necessary for authenticated GitHub operations. The static analyzer flagged documentation examples of security checks (like Windows SAM patterns) as if the skill itself accessed those systems, which is incorrect. All external commands use hardcoded GitHub CLI tools with validated inputs.

2

Files scanned

1,389

Lines analyzed

3

findings

claude

Audited by

No security issues found

Risk Factors

⚙️ External commands (2)

🌐 Network access (1)

📁 Filesystem access (1)

Audit version 2

Medium Risk

Jan 6, 2026, 07:40 AM

The skill requires GitHub CLI and network access for PR operations. It executes external commands and has filesystem access for code analysis. While legitimate for code review purposes, the broad capabilities warrant medium risk classification.

1

Files scanned

1,141

Lines analyzed

6

findings

claude

Audited by

Medium Risk Issues (2)

External command execution via GitHub CLI

The skill executes numerous gh CLI commands that could be manipulated if input validation is insufficient. Examples include: 'gh pr view 123 --json files,diff' and 'gh pr comment 123 --body'. While legitimate for PR operations, command injection could occur if PR data is not properly sanitized.

Network calls to GitHub API endpoints

The skill makes extensive API calls to GitHub endpoints including '/repos/:owner/:repo/pulls/123/comments'. These network operations could potentially be redirected or intercepted if the system is compromised.

Low Risk Issues (1)

SKILL.md:405-408

Webhook handler executes commands directly

The webhook handler example uses execSync to execute swarm commands based on PR comments: 'execSync(`npx ruv-swarm github handle-comment --pr ${event.issue.number} --command "${command}"`)'. This could be exploited if comment validation is insufficient.

Risk Factors

🌐 Network access (1)

⚙️ External commands (1)

SKILL.md:137-155

📁 Filesystem access (1)

Audit version 1

Medium Risk

Jan 6, 2026, 07:40 AM

The skill requires GitHub CLI and network access for PR operations. It executes external commands and has filesystem access for code analysis. While legitimate for code review purposes, the broad capabilities warrant medium risk classification.

1

Files scanned

1,141

Lines analyzed

6

findings

claude

Audited by

Medium Risk Issues (2)

External command execution via GitHub CLI

The skill executes numerous gh CLI commands that could be manipulated if input validation is insufficient. Examples include: 'gh pr view 123 --json files,diff' and 'gh pr comment 123 --body'. While legitimate for PR operations, command injection could occur if PR data is not properly sanitized.

Network calls to GitHub API endpoints

The skill makes extensive API calls to GitHub endpoints including '/repos/:owner/:repo/pulls/123/comments'. These network operations could potentially be redirected or intercepted if the system is compromised.

Low Risk Issues (1)

SKILL.md:405-408

Webhook handler executes commands directly

The webhook handler example uses execSync to execute swarm commands based on PR comments: 'execSync(`npx ruv-swarm github handle-comment --pr ${event.issue.number} --command "${command}"`)'. This could be exploited if comment validation is insufficient.

Risk Factors

🌐 Network access (1)

⚙️ External commands (1)

SKILL.md:137-155

📁 Filesystem access (1)