2

    skill-security-vendor-pack

    by Roy Yuen

    Audit AI agent skills for security risks, packaging errors, and marketplace readiness with professional reports.

    Updated May 2026
    5 installs
    123 views

    Free

    One-time purchase

    Included in download

    • Downloadable skill package
    • 2 permissions declared
    • Instant install

    Sample Output

    A real example of what this skill produces.

    Security Review: [PASS/WARNING]

    • Risk Level: Medium
    • Issues:
      1. Found 'subprocess.run' call in skill.py (Suspicious Pattern)
      2. Missing 'tags' in skill.yaml (Packaging Issue)
    • JSON artifacts saved to output.json.
    • Full Markdown report generated for client delivery.

    About This Skill

    Ensure Professional Credibility for Your AI Skills

    The Skill Security Vendor Pack is a specialized auditing tool designed for developers and agencies building for AI marketplaces. It automates the pre-flight inspection of skill packages, ensuring they meet the high standards required for commercial distribution and client delivery.

    What it does

    This skill performs a deep-dive scan of a skill folder to identify security risks, packaging defects, and marketplace-readiness gaps. It replaces manual checklists with an automated, script-based review process that generates both developer-friendly JSON data and client-ready Markdown reports.

    • Permission Auditing: Scans for high-risk or over-scoped permissions that might block marketplace approval.
    • Pattern Matching: Flags suspicious code patterns or shell execution risks that require manual verification.
    • Packaging Validation: Checks for missing configuration files, metadata inconsistencies, and directory structure errors.
    • Portable Analysis: Built with zero-dependency Python for easy inclusion in CI/CD pipelines or local development workflows.

    Why use this skill?

    While basic prompting might catch high-level errors, this skill follows a strict Output Contract, ensuring every report is structured for professional use. It provides evidence-backed flags rather than generic warnings, allowing you to fix issues before they become "denied" statuses on a marketplace or security concerns for a client. It effectively turns your audit process into a repeatable, professional service.

    📖 Learn more: Best DevOps & Deployment Skills for Claude Code →

    Use Cases

    • Audit third-party skills before installing them in your environment.
    • Generate professional security clearance reports for your enterprise clients.
    • Validate skill metadata and structure before submitting to an AI marketplace.
    • Integrate security linting into your skill development CI/CD pipeline.

    Reviews

    No reviews yet - be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Network Access

    File Scopes

    skill-security-vendor-pack-upload/**

    Tags

    security-audit
    marketplace-ready
    devops
    python
    compliance

    Creator

    Roy Yuen

    Frequently Asked Questions

    Learn More About AI Agent Skills

    More Premium Skills

    subagent-orchestrator (Develop based on the Claude Code sourcemap)

    Turn your AI agent into a coordinator that manages parallel subagents for complex coding and research tasks.

    $52 installs

    software-architect

    A structured framework for planning, reviewing, and evolving complex software systems with explicit trade-offs.

    $52 installs

    designing-hybrid-context-layers

    Architects the right retrieval strategy for every query — teaching your agent when to use RAG, a knowledge graph, or a temporal index instead of defaulting to vector search for everything.

    $1012 installs

    consumer-motivation-analyzer

    Go beyond surface-level feedback to uncover the psychological drivers and hidden motivations behind buyer behavior.

    $199 installs

    Free