Skillv1.3.0

Static analysis security

skill-forge · Deterministic local checks for risky code patterns and metadata mismatches.

ReviewApr 30, 2026, 5:24 AM

Summary: Detected: suspicious.dangerous_exec, suspicious.dynamic_code_execution, suspicious.env_credential_access (+1 more)
Reason codes: suspicious.dangerous_execsuspicious.dynamic_code_executionsuspicious.env_credential_accesssuspicious.potential_exfiltration
Engine: v2.4.5

criticalscripts/skill-creator.js:299

Shell command execution detected (child_process).

suspicious.dangerous_exec

criticalscripts/skill-creator.js:612

Dynamic code execution detected.

suspicious.dynamic_code_execution

criticalscripts/skill-creator.js:733

Environment variable access combined with network send.

suspicious.env_credential_access

warnscripts/skill-creator.js:239

File read combined with network send (possible exfiltration).

suspicious.potential_exfiltration