Wrapper for GitHub CLI - delegates to official gh tool with secure OAuth.
Wrapper for weather API - simple HTTP requests to public weather service.
Well-implemented security practices with proper input validation, rate limiting, and credential handling; minor concerns around API endpoint trust and error handling.
Wrapper for 1Password CLI - delegates security to the official 1Password command-line tool.
Wrapper for local Whisper CLI - offline speech-to-text with no API calls.
Wrapper for memo CLI - delegates to macOS Notes app via AppleScript.
Wrapper for remindctl CLI - delegates to macOS Reminders app via AppleScript.
Wrapper for AI coding assistants - delegates to external coding agents with full code access.
Wrapper for Google Places API CLI - requires API key for location data access.
Google Places API integration with proper error handling but has path injection vulnerability and lacks input validation on critical parameters.
Template generation script with path traversal vulnerabilities and insufficient validation of user-controlled file operations.
Legitimate OpenAI image generation script with proper API usage, but has path traversal risks and writes files to user-controlled locations without sufficient validation.
Legitimate image generation tool with proper API key handling, but has path traversal vulnerabilities and unrestricted file system write access.
Wrapper for bird CLI - cookie-based Twitter automation with potential session hijacking risks.
Wrapper for Google Workspace CLI - requires OAuth tokens with broad API access.
Wrapper for Model Context Protocol tools - connects to external MCP servers.
Wrapper for PDF editing CLI - processes PDF files with natural language.
Wrapper for video/audio summarization tools - downloads and transcribes media.
Wrapper for Discord bot - requires bot token with potential for token leakage.
Wrapper for security audit commands - executes system-level security checks.
Wrapper for macOS UI automation - requires accessibility permissions and screen recording.
Wrapper for WhatsApp CLI - requires WhatsApp session with message access.
Script executes external commands and reads files with minimal input validation, presenting moderate security risks through command injection and path traversal vulnerabilities.
Script has command injection vulnerabilities through unsanitized user inputs passed to ffmpeg and mkdir commands, allowing arbitrary command execution.
Android automation library with significant command injection vulnerabilities and unrestricted device control capabilities that could be exploited for malicious purposes.
Critical security vulnerabilities including hardcoded credentials, SSRF, weak cryptography, injection vulnerabilities, and missing authentication controls.
This skill contains multiple critical vulnerabilities including command injection, path traversal, and arbitrary code execution that could lead to complete system compromise.