3skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This PRD helper is mostly documentation, but it includes an unattended coding-agent loop that bypasses permissions and can keep editing or committing code.

Use this skill as a PRD template only unless you intentionally want autonomous code execution. Avoid the documented --dangerously-skip-permissions loop, set strict iteration limits, review every diff and commit manually, and keep progress.txt free of untrusted instructions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

High

What this means

If followed, an agent could modify the codebase and run commands without normal permission checks.

Why it was flagged

This recommends running a coding agent with permission prompts disabled while it implements work and updates project files, which is high-impact tool use without a clear approval boundary.

Skill content

claude --print --dangerously-skip-permissions "Read prd.json, find first story where passes=false, implement it, run checks, update passes=true if successful"

Recommendation

Do not use the dangerous permission-bypass mode for routine work; require explicit approval for file changes, commands, and commits, and review diffs before marking stories complete.

#ASI10: Rogue Agents

Medium

What this means

The agent may continue operating, consuming resources, or attempting changes beyond the user’s expected stopping point.

Why it was flagged

The documented unattended loop is unbounded at the shell level and can keep launching autonomous agent runs after the intended task unless externally stopped.

Skill content

while :; do
  claude --print --dangerously-skip-permissions \
    "Read prd.json, find first story where passes=false, implement it, run checks, update passes=true if successful"
done

Recommendation

Replace infinite loops with a bounded runner, explicit stop checks, maximum iteration/time limits, and human review between stories.

#ASI06: Memory and Context Poisoning

Low

What this means

Incorrect or malicious content placed in progress.txt could influence later agent changes.

Why it was flagged

The workflow creates a persistent project note that future agent iterations are told to read and trust for codebase patterns.

Skill content

Read `progress.txt` (check Codebase Patterns first) ... Append progress to `progress.txt`

Recommendation

Keep progress.txt under review, treat it as untrusted project context, and avoid letting it override explicit user instructions or repository policy.

#ASI04: Agentic Supply Chain Vulnerabilities

Info

What this means

This does not show malicious behavior, but it makes the package identity and version lineage less clear.

Why it was flagged

The internal metadata differs from the supplied registry metadata, which lists a different owner ID, slug, and version.

Skill content

"ownerId": "kn7f5p8fe35nfwgpfykcrswetd7ytn4n", "slug": "prd", "version": "2.0.5"

Recommendation

Confirm the intended publisher and version before relying on the skill, especially if it is installed from an unknown source.