audit-third-party-software
CommunityAudit third-party code for safety first
Software Engineering#static analysis#security audit#supply chain#third-party risk#telemetry detection#binary inspection#safe install
Authorkzarzycki
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill prevents unsafe installs by auditing third-party software before you clone, install, or run it.
Core Features & Use Cases
- Static safety audit of repos, tarballs, binaries, packages, and Claude Code plugins before execution.
- Verdict with evidence that classifies risk as SAFE, CAUTION, or UNSAFE with file-level, line-level citations and concrete observations.
- Threat-focused checks for telemetry/data exfiltration, prompt injection risks, supply-chain attacks, closed-source phone-home behavior, secrets/credential handling, and unsafe local services.
- Binary deep inspection guidance for extracting URLs/domains from a strings dump and triaging them into benign vs unknown vs cloud-SDK.
Quick Start
Ask the AI to audit the third-party software you plan to install from a provided GitHub URL and produce a SAFE/CAUTION/UNSAFE verdict with file:line citations and an install recommendation.
Dependency Matrix
Required Modules
None requiredComponents
referencesscripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: audit-third-party-software Download link: https://github.com/kzarzycki/agent-skills/archive/main.zip#audit-third-party-software Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.