Security & Trust Scoring
kitpack is designed with security as a first-class concern. Since skills are markdown + scripts fetched from GitHub, they can contain anything. kitpack helps you make informed decisions.
Security Scan Rules
Every skill is scanned for 16 malicious patterns before install:
| Severity | Pattern | Description |
|---|---|---|
| Critical | curl | sh | Downloads and pipes to shell |
| Critical | wget | sh | Downloads and pipes to shell |
| Critical | base64 decode → exec | Obfuscated shell execution |
| High | eval() | Arbitrary code execution |
| High | exec/spawn | Shell command execution |
| High | rm -rf | Recursive force delete |
| High | chmod 777 | World-writable permissions |
| High | sudo | Privilege escalation |
| High | Obfuscated JS | Hex-encoded or fromCharCode patterns |
| Medium | postinstall scripts | Build scripts during install |
| Medium | Dynamic require/import | Loads arbitrary modules |
| Medium | File writes | Writes to filesystem |
| Medium | Hidden file access | Accesses ~/. or /home/*/. |
| Low | ENV access | Reads environment variables |
| Low | Network requests | fetch/axios calls |
Trust Score
A weighted 0–100 score from four factors:
- Installs (20%) — more installs = higher trust
- GitHub stars (25%) — fetched via GitHub API
- Security audits (25%) — from skills.sh partner providers
- Security scan (30%) — weighted penalty for findings
Partner Audits
skills.sh integrates with multiple security partners that scan skills automatically. Results are available via the Vercel OIDC-authenticated API:
- Gen Agent Trust Hub — content analysis and risk classification
- Socket — supply chain security alerts
- Snyk — vulnerability scanning
- Runlayer — runtime behavior analysis
- ZeroLeaks — secret and credential leak detection