Description-Behavior Mismatch
Medium
- Confidence
- 97% confidence
- Finding
- The script presents itself as a secure pre-install scanner, but it includes a documented --skip-scan path that installs a skill without any security review. In a security-gating tool, a built-in bypass undermines the primary trust boundary and can be abused to install malicious skills while still appearing to use the guard tool.
