1

    skill-security-vendor-pack

    by Roy Yuen

    Audit AI agent skills for security risks, packaging errors, and marketplace readiness with professional reports.

    Updated Apr 2026
    1 installs

    Free

    One-time purchase · Own forever

    Included in download

    • Downloadable skill package
    • 2 permissions declared
    • Instant install

    See it in action

    Security Review: [PASS/WARNING]
- Risk Level: Medium
- Issues:
  1. Found 'subprocess.run' call in skill.py (Suspicious Pattern)
  2. Missing 'tags' in skill.yaml (Packaging Issue)
- JSON artifacts saved to output.json.
- Full Markdown report generated for client delivery.

    About This Skill

    Ensure Professional Credibility for Your AI Skills

    The Skill Security Vendor Pack is a specialized auditing tool designed for developers and agencies building for AI marketplaces. It automates the pre-flight inspection of skill packages, ensuring they meet the high standards required for commercial distribution and client delivery.

    What it does

    This skill performs a deep-dive scan of a skill folder to identify security risks, packaging defects, and marketplace-readiness gaps. It replaces manual checklists with an automated, script-based review process that generates both developer-friendly JSON data and client-ready Markdown reports.

    • Permission Auditing: Scans for high-risk or over-scoped permissions that might block marketplace approval.
    • Pattern Matching: Flags suspicious code patterns or shell execution risks that require manual verification.
    • Packaging Validation: Checks for missing configuration files, metadata inconsistencies, and directory structure errors.
    • Portable Analysis: Built with zero-dependency Python for easy inclusion in CI/CD pipelines or local development workflows.

    Why use this skill?

    While basic prompting might catch high-level errors, this skill follows a strict Output Contract, ensuring every report is structured for professional use. It provides evidence-backed flags rather than generic warnings, allowing you to fix issues before they become "denied" statuses on a marketplace or security concerns for a client. It effectively turns your audit process into a repeatable, professional service.

    Use Cases

    • Audit third-party skills before installing them in your environment.
    • Generate professional security clearance reports for your enterprise clients.
    • Validate skill metadata and structure before submitting to an AI marketplace.
    • Integrate security linting into your skill development CI/CD pipeline.

    Reviews

    No reviews yet — be the first to share your experience.

    Only users who have downloaded or purchased this skill can leave a review.

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Network Access

    File Scopes

    skill-security-vendor-pack-upload/**

    Tags

    security-audit
    marketplace-ready
    devops
    python
    compliance

    Creator

    Roy Yuen

    Frequently Asked Questions

    Learn More About AI Agent Skills

    Similar Skills

    git-commit-writer

    Writes conventional commit messages by analyzing your staged git changes. Detects commit type, scope, and breaking changes automatically.

    Free45 installs

    env-doctor

    Diagnoses why your project will not start. Checks runtime versions, dependencies, environment variables, databases, ports, and build artifacts systematically.

    Free25 installs

    seo-optimizer

    SEO optimizer and banned-word scanner for Chinese social media. Keyword optimization and advertising law compliance.

    Free13 installs

    code-reviewer

    Reviews your code for bugs, security vulnerabilities, logic errors, performance issues, and style violations. Organizes findings by severity and suggests fixes with code examples.

    Free59 installs

    Free