World-class autonomous security and compliance skill system. Use ANY time the user asks to review code for security issues, check credential management, audi...
Security Analysis
medium confidence
The skill is a comprehensive, instruction-only security playbook, but it claims autonomous operational powers (blocking deployments, rotating credentials) without declaring credentials, install steps, or actual mechanisms to perform those actions — that mismatch is concerning.
The name/description promise a full autonomous security & compliance operator. The repo contains extensive reference docs and checklists appropriate for that purpose. However, the skill requests no credentials, binaries, config paths, or install steps even though many of its declared responsibilities (rotating keys, blocking deployments, checking platform logs) would require privileged access and integration points. This is a capability/requirement gap (explanation missing), not necessarily malicious, but it is inconsistent.
SKILL.md directs the agent to 'USE ANY time' security-adjacent questions and to run domain-specific checklists. The reference files include commands and snippets that imply reading repositories, running git/grep scans, accessing environment variables, and invoking platform APIs (Stripe, GitHub, Gumroad). The skill does not explicitly limit what files/paths may be read or what outbound endpoints to call. The 'always trigger' policy in the text grants broad discretionary scope to the agent, which could lead to it reading sensitive local files or requesting secrets unless the surrounding platform enforces limits.
There is no install spec and no code files executed by the platform; this is instruction-only. That minimizes supply-chain/install risk. Static scanner had no code to analyze.
The reference docs enumerate many sensitive credentials (Stripe, Gumroad, GitHub, SendGrid, Airtable) and show patterns for scanning and rotating them, but the skill declares no required environment variables or primary credential. That's plausible for a purely advisory skill, but it is disproportionate if you expect the skill to actually rotate keys or access platform logs — those actions would require credentials and platform access not declared here.
The skill metadata does not request 'always: true' and allows autonomous invocation (normal), but the COMPANY-INTEGRATION file asserts an explicit 'Guardian Autonomous Authority' that can block deployments and rotate credentials without asking. That claim of autonomous authority is mismatched with the lack of integration details and could be misleading or overreach if users assume the skill will (or should be allowed to) take those actions automatically.
Guidance
This skill is primarily a detailed security playbook and checklist, which can be useful. The main issue is inconsistency: it claims the ability to autonomously block deployments and rotate credentials but provides no install/integration mechanism or declared credentials to actually do that. Before installing or enabling this skill:
- Clarify expected behavior: ask the author whether the skill is advisory-only (reports findings) or intended to perform automated actions (block deploys, rotate keys). If automated, request details about how it will authenticate and where it will run.
- Never expose production credentials to a skill unless you explicitly trust and understand integrations; prefer scoped test credentials and least privilege.
- If you want only advisory checks, enforce that the agent cannot modify systems or call sensitive APIs (use platform permission controls).
- If you plan to let it take actions (rotate keys, block CI), require a formal integration with explicit, auditable credentials and human approval gates.
- Consider testing in a non-production environment first and review the reference checklists for any commands that read or write local files (git, db paths, backup scripts).
If the author supplies an install spec, required env vars, or a clear integration design showing where actions will be executed and what credentials are needed, reassess — that information could move this from 'suspicious' toward 'benign.'
Latest Release
v1.0.1
Updated display name.
Published by @tenlifejosh on ClawHub