Back to skill

Security audit

Claude Superpowers

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed coding-workflow framework that asks the agent to plan, use a branch, write tests, and review work before presenting changes.

Install this if you want a stricter coding workflow. Be aware it may activate on general requests like planning before coding or writing tests first, and it may create git branches and suggest CLAUDE.md text for permanent project use; only add that text if you want the workflow always active in the project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough that ordinary user instructions like 'plan before coding' or 'write tests first' could unintentionally activate the full skill. In an agent framework, ambiguous activation can cause unexpected workflow changes, extra file operations such as branch creation, and user confusion about why the agent is taking stronger actions than requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.