
Security: 23 pentest skills should have risk: high instead of risk: unknown #11

@aliksir

Description


Summary

23 security/penetration testing skills from this repository are all published with risk: unknown in their SKILL.md frontmatter. For attack-oriented skills, this should be risk: high to enable proper filtering and safety measures.

Affected Skills

All 23 skills listed below have risk: unknown and source: community:

  1. active-directory-attacks
  2. api-fuzzing-bug-bounty
  3. aws-penetration-testing
  4. burp-suite-testing
  5. cloud-penetration-testing
  6. ethical-hacking-methodology
  7. html-injection-testing
  8. idor-testing
  9. linux-privilege-escalation
  10. metasploit-framework
  11. pentest-checklist
  12. pentest-commands
  13. privilege-escalation-methods
  14. red-team-tools
  15. shodan-reconnaissance
  16. smtp-penetration-testing
  17. sql-injection-testing
  18. sqlmap-database-pentesting
  19. ssh-penetration-testing
  20. windows-privilege-escalation
  21. wireshark-analysis
  22. wordpress-penetration-testing
  23. xss-html-injection

Why This Matters

  1. No automatic filtering: Tools that manage Claude Code skills can filter by risk level. risk: unknown means these skills bypass any safety filtering.

  2. Supply chain risk: A single author providing 23 attack-oriented skills with no risk classification creates a trust gap. Users installing these skills have no metadata-level warning.

  3. Dangerous content examples:

    • ethical-hacking-methodology: Contains instructions for adding backdoors to ~/.ssh/authorized_keys
    • linux-privilege-escalation: Contains reverse shell commands and LinPEAS execution
    • privilege-escalation-methods: Contains PowerShell remote execution templates (iex (iwr ...))
    • red-team-tools: Contains C2 framework operation procedures
    • ssh-penetration-testing: Contains full-disk SSH key scanning procedures
  4. Attack chain potential: When combined with a skill that enables bypassPermissions (like devcontainer-setup), these skills can execute dangerous operations without any user confirmation.

Requested Change

Update all 23 SKILL.md files to set risk: high in the frontmatter:

# Before
risk: unknown

# After
risk: high

This is a metadata-only change that doesn't affect the skill content, but allows users and tools to make informed decisions about installation.

Discovery

Found during a comprehensive security audit of 582 Claude Code community skills.
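As an added example (not code from this repository or from the issue author), a small Python audit that reads the risk value from SKILL.md frontmatter, fails closed on risk: unknown when used as an install filter, and rewrites risk: unknown to risk: high for the 23 skills named above. It assumes the frontmatter is YAML between --- lines at the top of SKILL.md; the sample document is constructed.

```python
import re
from pathlib import Path

# Skill names are the 23 listed in the issue. The frontmatter layout (YAML between
# --- lines at the top of SKILL.md) is an assumption of this example.
ATTACK_ORIENTED = set("""
active-directory-attacks api-fuzzing-bug-bounty aws-penetration-testing
burp-suite-testing cloud-penetration-testing ethical-hacking-methodology
html-injection-testing idor-testing linux-privilege-escalation metasploit-framework
pentest-checklist pentest-commands privilege-escalation-methods red-team-tools
shodan-reconnaissance smtp-penetration-testing sql-injection-testing
sqlmap-database-pentesting ssh-penetration-testing windows-privilege-escalation
wireshark-analysis wordpress-penetration-testing xss-html-injection
""".split())
RISK_LEVELS = {"low": 0, "medium": 1, "high": 2}
FRONTMATTER = re.compile(r"\A---\r?\n(.*?)\r?\n---", re.S)
RISK_LINE = re.compile(r"^(risk:[ \t]*)(\S+)[ \t]*$", re.M)

def read_risk(text):
    """Risk declared in the frontmatter; anything missing collapses to 'unknown'."""
    m = FRONTMATTER.match(text)
    if not m:
        return "unknown"
    r = RISK_LINE.search(m.group(1))
    return r.group(2).lower() if r else "unknown"

def allowed(text, max_risk="medium"):
    """Install filter that fails closed: 'unknown' never passes any threshold."""
    level = RISK_LEVELS.get(read_risk(text))
    return level is not None and level <= RISK_LEVELS[max_risk]

def relabel(text, skill_name):
    """Return text with risk: unknown -> risk: high for a skill in the list above."""
    if skill_name not in ATTACK_ORIENTED or read_risk(text) != "unknown":
        return text
    m = FRONTMATTER.match(text)
    if not m or not RISK_LINE.search(m.group(1)):
        return text  # no risk line to rewrite; leave it for a manual edit
    fm = RISK_LINE.sub(r"\g<1>high", m.group(1), count=1)
    return text[:m.start(1)] + fm + text[m.end(1):]

def audit(root):
    """Map skill directory name -> declared risk for every SKILL.md under root."""
    return {p.parent.name: read_risk(p.read_text()) for p in Path(root).rglob("SKILL.md")}

# Constructed sample mirroring the issue's 'Before' frontmatter.
SAMPLE = "---\nname: linux-privilege-escalation\nsource: community\nrisk: unknown\n---\n# Body\n"
```

Running audit() over a checkout and comparing the result against ATTACK_ORIENTED shows which of the 23 still carry risk: unknown after the change lands.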
