The problem
Claude Code skills run with full access to your shell, filesystem, and environment variables. There's no permission boundary. A malicious skill could read your SSH keys, grab your GitHub token, and exfiltrate them silently.
The solution: 3 open source skills
I built three skills to fix the biggest pain points:
skill-guard — Security auditor (9-layer analysis)
Audits skills BEFORE installation using:
- Permission analysis
- Static pattern detection
- LLM semantic analysis (catches prompt injection that regex misses)
- Data flow mapping
- Supply chain checks
- MCP abuse detection
Result: score 0-100, GREEN/YELLOW/RED. Community audit registry.
skill-advisor — Smart skill routing
You install 50 skills, Claude uses 5. skill-advisor intercepts every instruction and recommends the best match before Claude starts working. Thinks laterally, recommends full pipelines, stays silent on simple tasks. Shows gaps — skills you should install but don't have.
skill-learner — Persistent error correction
Claude apologizes, promises to do better, then makes the exact same mistake next session. skill-learner captures what went wrong as persistent corrections that survive across sessions. Auto-detects the failing skill, deduplicates, and optionally generates improvement proposals.
Quality
All three scored A+ (120/120) on the skill-judge evaluation framework.
Try it
npx skills add j4rk0r/claude-skills --yes --global
Source: github.com/j4rk0r/claude-skills
Top comments (0)