
from cls-certify93
Enterprise-grade multi-dimensional security scanner for Agent Skills that produces S+/S/A/B/C/D ratings and structured HTML/PDF reports.
CLS-Certify runs a six-dimension security analysis on Agent Skills: static code checks, simulated dynamic behavior, dependency/CVE audit, network/API review, privacy/compliance checks, and source reputation. It produces structured JSON/Markdown and human-readable HTML/PDF reports with a clear grade (S+/S/A/B/C/D) and remediation guidance.
Use CLS-Certify before installing or trusting third-party skills, when auditing internal skills for production deployment, or as part of a CI gate for new skill submissions. It's intended for security reviews where you need a reproducible, shareable assessment.
Designed for use with Claude Code / Agent environments that can run analysis tooling and parse Markdown-based skill docs. The toolchain is language-agnostic and fits into CI pipelines or manual review workflows.
CLS-Certify is an enterprise-grade multi-dimensional security scanner for Agent Skills, producing S+/S/A/B/C/D ratings with HTML/PDF reports. The SKILL.md is extremely comprehensive (~30K chars), covering 6 analysis dimensions, classification-based scan strategies, and structured reporting. No scripts were available to test. The main security concern is the auto-update mechanism (git pull without confirmation). Documentation quality is high but verbose; the SKILL.md could benefit from more aggressive extraction to references/.
Well-designed skill for security auditing with thorough methodology. The auto-update mechanism (Phase 0: check-update.sh + git pull) is the primary security concern: an attacker could compromise the upstream repo. The skill describes dangerous patterns extensively, but in a documentation context (not as actual threats). No scripts were bundled in the fetch, so all scoring is based on static analysis of SKILL.md. The classification system (T-MD/T-LITE/T-REF/T-HEAVY) with adaptive scan strategies is architecturally sound.