agiza_agents

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.exposed_secret_literal (+1 more)

Findings (9)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the command would fetch and install code from outside the registry context.

Why it was flagged

The skill documents a user-run remote install command through npx/GitHub while the registry source is listed as unknown and there is no install spec. This is user-directed and purpose-aligned, but provenance should be checked.

Skill content

npx agent-skills-cli add alirezarezvani/claude-skills/engineering

Recommendation

Only run the npx install command if you trust the package and repository; prefer reviewing or pinning versions before installation.

What this means

The helper scripts can read local project files and produce analysis reports when the user or agent runs them.

Why it was flagged

The sub-skill instructs users to run bundled Python helper scripts against a chosen Terraform directory. This is expected for the stated analyzer/scanner purpose, but it is still local code execution.

Skill content

python3 scripts/tf_module_analyzer.py ./terraform

Recommendation

Run helper scripts only from trusted skill copies and against directories you intend to analyze.

What this means

Secrets present in scanned project files could appear in the agent context or generated reports.

Why it was flagged

The Terraform security workflow is designed to inspect code for secrets and IAM issues. This is purpose-aligned, but scanned files may contain credential material.

Skill content

Audit Terraform code for security vulnerabilities, secrets exposure, and IAM misconfigurations

Recommendation

Scan only intended repositories, avoid sharing generated reports publicly, and redact any real secrets found.

Note

High Confidence

ASI01: Agent Goal Hijack

What this means

If loaded carelessly, example attack strings may appear in model context, but the artifact labels them as threats to detect.

Why it was flagged

Prompt-injection phrases appear as documented examples in a security-auditor skill, not as instructions to the evaluator or user agent.

Skill content

| **System prompt override** | "Ignore previous instructions", "You are now..." | 🔴 CRITICAL |

Recommendation

Treat these phrases only as examples; load the security-auditor sub-skill only when doing security review work.

Findings (9)

critical

suspicious.dangerous_exec

Location
skill-security-auditor/scripts/skill_security_auditor.py:161
Finding
Shell command execution detected (child_process).

critical

suspicious.dynamic_code_execution

Location
skill-security-auditor/scripts/skill_security_auditor.py:154
Finding
Dynamic code execution detected.

critical

suspicious.exposed_secret_literal

Location
api-design-reviewer/references/api_antipatterns.md:441
Finding
File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location
api-design-reviewer/references/rest_design_rules.md:350
Finding
File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location
helm-chart-builder/references/values-design.md:218
Finding
File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location
tech-debt-tracker/assets/sample_codebase/src/user_service.py:14
Finding
File appears to expose a hardcoded API secret or token.

critical

suspicious.exposed_secret_literal

Location
terraform-patterns/scripts/tf_security_scanner.py:93
Finding
File appears to expose a hardcoded API secret or token.

warn

suspicious.prompt_injection_instructions

Location
skill-security-auditor/references/threat-model.md:75
Finding
Prompt-injection style instruction pattern detected.

warn

suspicious.prompt_injection_instructions

Location
skill-security-auditor/SKILL.md:60
Finding
Prompt-injection style instruction pattern detected.