csh
/
playbook
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
playbook/antigravity-awesome-skills/docs/maintainers/full-repo-audit-2026-05-23.md

26 KiB
Raw Blame History

Full repository audit - 2026-05-23

Status: complete

This audit tracks the current deep pass over the repository for bugs, inconsistencies, drift, documentation issues, and release/process risks. The working tree was checked from /Users/nicco/Projects/antigravity-awesome-skills on main.

Patch follow-up:

  • Resolved in follow-up patches: unsafe archive fallback extraction, Telegram Node vulnerable dependency stack, installer symlink target migration, stale web SEO counts/social card, stale web canonical URL docs, malformed WhatsApp HMAC signature handling, Telegram token-in-URL webhook guidance, .disabled web asset publishing, Junta TLS bypasses, legacy manifest verification drift, Telegram HTML escaping, Remotion chart typo, nested skill ID collision coverage, Chinese/localized docs staleness, path-aware internal markdown link repair, and deterministic link/glossary validation reports.
  • Still open after these patches: none from this audit report. The legacy strict skill-quality warnings remain tracked as explicit backlog debt behind tools/config/audit-skills-strict-budget.json.

Validation evidence

Passed:

  • npm run validate
  • npm run validate:strict
  • npm run validate:references
  • npm run plugin-compat:check
  • npm run check:warning-budget
  • npm run audit:skills
  • npm run audit:consistency
  • npm run audit:maintainer reported version/count/warning/consistency clean, then exited non-zero because this audit report itself is an untracked changed file
  • npm run check:stale-claims
  • npm run bundles:check
  • npm run check:readme-credits
  • npm run security:docs
  • npm test
  • npm run test:local
  • npm run pr:preflight
  • npm run app:test
  • npm run app:test:coverage
  • npm run app:build
  • cd apps/web-app && npm run lint
  • cd apps/web-app && npm run verify:seo
  • npm audit --audit-level=high --omit=dev
  • npm audit --audit-level=moderate
  • cd apps/web-app && npm audit --audit-level=moderate
  • cd data && npm audit --audit-level=moderate
  • cd skills/loki-mode/examples/todo-app-generated/backend && npm audit --audit-level=moderate
  • cd skills/loki-mode/examples/todo-app-generated/frontend && npm audit --audit-level=moderate
  • cd skills/loki-mode/examples/todo-app-generated/backend && npm run build
  • cd skills/loki-mode/examples/todo-app-generated/frontend && npm run build
  • Temp-copy npm run build for skills/telegram/assets/boilerplate/nodejs
  • Temp-copy npm run build for skills/whatsapp-cloud-api/assets/boilerplate/nodejs
  • Temp-copy npm audit --audit-level=moderate for skills/whatsapp-cloud-api/assets/boilerplate/nodejs
  • npm pack --dry-run --json
  • bash scripts/validate-links.sh
  • python3 -m py_compile equivalent pass over tracked Python sources, excluding generated mirrors/output
  • bash -n pass over tracked shell scripts, excluding generated mirrors/output
  • node --check over tracked JavaScript/CommonJS/ESM source files, excluding generated web output and plugin mirrors
  • JSON/JSONL parse over tracked JSON-like files
  • Ruby/Psych YAML parse over .github/workflows/*.yml, discussion templates, and issue templates
  • Ruby/Psych YAML parse over all tracked *.yml and *.yaml
  • Python XML parser over tracked XML/XSD/SVG files
  • actionlint v1.7.12 run from /tmp over .github/workflows/*.yml
  • Global frontmatter parse over all tracked *SKILL.md files
  • Full-plugin and bundle-plugin file drift checks against canonical skills/ sources
  • Plugin manifest parse/check over .codex-plugin/plugin.json and .claude-plugin/plugin.json
  • Canonical skills_index.json ID/path duplicate check
  • Targeted typo/refuso scan for common English misspellings across active repo sources, excluding generated output and plugin mirrors
  • Tracked temporary/bytecode artifact scan for __pycache__, *.pyc, .DS_Store, *.tmp, *.bak, and *.orig

Observed counts:

  • Root visible skills: 1465
  • Tracked *SKILL.md files: 4559
  • Canonical indexed skills: 1465 files, 0 duplicate index IDs, 0 duplicate index paths
  • Canonical skill frontmatter: 0 duplicate names, 0 missing risk/source, 229 missing date_added
  • Nested indexed skills: 20 entries under second-level category paths such as skills/game-development/2d-games, skills/libreoffice/base, and skills/security/aws-iam-best-practices
  • Root skills_index.json and data/skills_index.json: equal
  • audit:skills: 1465 scanned, 0 errors, 740 warning-only
  • App coverage: 12 test files / 72 tests passed, 89.58% statements, 76.84% branches
  • Web app lint: passed with --max-warnings 0
  • Web app SEO verifier: passed, with the manifest coverage caveat noted below
  • Python syntax pass: 1077 files checked, 0 errors
  • Shell syntax pass: 61 scripts checked, 0 errors
  • JavaScript syntax pass: 74 source files checked, 0 errors
  • YAML parse pass: 81 files checked, 0 errors
  • XML/XSD/SVG parse pass: 342 files checked, 0 errors
  • Tracked symlinks: 7 checked, all targets exist
  • Plugin mirror SKILL.md files: 3094 matched canonical sources byte-for-byte, 0 drift
  • Global tracked skill frontmatter: 4559 SKILL.md files parsed, 0 frontmatter errors, 0 missing frontmatter, 0 missing name
  • Disabled source skills: 34 skills/.disabled/*/SKILL.md files present and included in the global frontmatter parse
  • Full plugin file drift: 11561 files checked in plugins/antigravity-awesome-skills*, 0 missing canonical files, 0 drift
  • Bundle plugin file drift: 950 files checked in plugins/antigravity-bundle-*, 0 missing canonical files, 0 drift
  • Plugin manifests: 76 manifests parsed, 0 missing name/version/reference errors
  • Maintainer audit: repository sickn33/antigravity-awesome-skills, version 11.5.0, skills 1,465+, warning budget 0/135, consistency clean; tracked working tree clean, but the untracked audit report makes the full gate fail until added/removed
  • Stale-claims checker: no stale claims detected in active docs
  • Editorial bundles: manifest and generated doc are in sync
  • README credits check: no changed skill files detected
  • Telegram and WhatsApp TypeScript boilerplates build successfully in temp copies after npm install --ignore-scripts
  • WhatsApp TypeScript boilerplate temp-copy moderate audit: 0 vulnerabilities

Failed / issue-producing checks:

  • Temp-copy npm audit --audit-level=moderate for skills/telegram/assets/boilerplate/nodejs: 5 vulnerabilities, including 1 critical (form-data <2.5.4) through node-telegram-bot-api -> @cypress/request-promise -> request
  • npm run audit:skills:strict: 1465 scanned, 0 errors, but 740 warning-only skills / 865 warnings made the strict audit exit non-zero
  • Strict JSON parsing found 5 JSONC-style files with comments: apps/web-app/tsconfig.json plus the canonical and mirrored typescript-expert/references/tsconfig-strict.json files
  • Targeted typo scan found one confirmed source typo: skills/remotion-best-practices/rules/charts.md:20

Findings

High - archive refresh fallback extracts untrusted archives without path validation

  • File: apps/web-app/refresh-skills-plugin.js
  • Lines: 220-261
  • Evidence: syncWithArchive() downloads GitHub tar/zip archives and extracts them with tar -xzf, Expand-Archive, or unzip -o directly into update_temp.
  • Risk: an archive containing path traversal entries or malicious symlinks can write outside the intended extraction root before the code checks for antigravity-awesome-skills-main/skills.
  • Current tests: apps/web-app/src/__tests__/refresh-skills-plugin.security.test.js covers loopback/auth and fast-forward behavior but does not cover archive extraction safety.
  • Suggested fix: replace shell extraction with a safe extraction helper that rejects absolute paths, .. segments, unsafe symlinks, and post-extraction realpaths outside update_temp; add tar/zip regression tests.

High - Telegram Node boilerplate resolves a vulnerable request stack

  • File: skills/telegram/assets/boilerplate/nodejs/package.json
  • Lines: 11-21
  • Evidence: a temp-copy install/audit of this package reported 5 vulnerabilities: critical form-data <2.5.4, moderate request, qs, tough-cookie, and uuid. npm ls traces the critical path through node-telegram-bot-api@0.66.0 -> @cypress/request-promise@5.0.0 -> request@2.88.2 -> form-data@2.3.3.
  • Risk: users following this boilerplate get a vulnerable dependency graph even though the boilerplate TypeScript itself compiles.
  • Current tests: the root dependency audits do not cover this package because it has no committed lockfile and is not part of the root workspace install.
  • Suggested fix: replace node-telegram-bot-api with a maintained Telegram client that does not depend on deprecated request, or commit a tested lockfile/override strategy that removes the vulnerable transitive versions.

Medium - full-repo install migration preserves target symlinks

  • File: tools/bin/install.js
  • Lines: 474-493
  • Evidence: when target.path/.git exists and target.path itself is a symlink, the migration renames the symlink to a backup and then recreates the same symlink at target.path.
  • Risk: this diverges from the non-symlink migration path, where a fresh directory is created. Subsequent writes continue through the symlink target, which is surprising during a "skills-only layout" migration and weaker as a trust boundary.
  • Suggested fix: either reject symlinked full-repo migration targets with a clear error, or materialize a real directory at target.path after backing up the symlink.

Medium - prerendered web app SEO count is stale

  • File: apps/web-app/scripts/prerender-routes.js
  • Lines: 12, 156-159
  • Evidence: HOME_CATALOG_COUNT is 1273 and the generated title is hardcoded to 1,273+, while the current registry has 1465 skills. The checked apps/web-app/dist/index.html contains 1,273+ installable AI skills catalog.
  • Risk: search/social metadata undersells the catalog and drifts from README/CATALOG counts.
  • Suggested fix: derive the title count from the actual skills.json count used by prerendering, or update the constant/title together with generated assets.

Medium - source web metadata and social card are stale before prerendering

  • Files: apps/web-app/index.html, apps/web-app/public/social-card.svg
  • Evidence: index.html still contains 1,326+ in title, description, Open Graph, and Twitter metadata. social-card.svg also displays 1,326+ Agentic Skills and describes a 1,326 plus headline.
  • Risk: the built homepage is partially corrected by prerendering, but source metadata, fallback HTML, and social preview assets remain stale and can leak into previews or static hosting paths.
  • Suggested fix: derive counts from the same generated registry source used by the app, or update these assets during the web asset sync step.

Medium - app environment docs name an unused canonical URL variable

  • File: apps/web-app/README.md
  • Line: 59
  • Evidence: the README documents VITE_SITE_URL, but apps/web-app/scripts/generate-sitemap.js reads SEO_SITE_URL || WEBSITE_BASE_URL and apps/web-app/scripts/prerender-routes.js reads SEO_SITE_URL.
  • Risk: maintainers testing non-default hosts may set an environment variable that has no effect on sitemap/prerender canonical URLs.
  • Suggested fix: document SEO_SITE_URL and optionally WEBSITE_BASE_URL; remove or implement VITE_SITE_URL.

Medium - WhatsApp webhook HMAC validation throws on malformed signature length

  • File: skills/whatsapp-cloud-api/assets/boilerplate/nodejs/src/webhook-handler.ts
  • Lines: 38-41
  • Evidence: crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature)) is called without first checking that the two buffers have the same byte length. A direct Node check with a short signature throws RangeError: Input buffers must have the same byte length.
  • Risk: malformed x-hub-signature-256 headers can turn an invalid webhook request into an exception/500 path instead of a clean 401, creating avoidable error noise and a small DoS surface.
  • Suggested fix: validate the sha256=<64 hex chars> shape before comparison, or compare only after checking equal buffer lengths; return 401 for malformed signatures.

Medium - Telegram webhook URL embeds the bot token

  • File: skills/telegram/assets/boilerplate/nodejs/src/bot-client.ts
  • Lines: 24-45
  • Evidence: the Express route and registered webhook URL both use /webhook/${this.token} while Telegram already supports secret_token.
  • Risk: bot tokens placed in URL paths are likely to appear in reverse-proxy logs, request logs, telemetry, browser history, and webhook provider dashboards. The optional secret header loses much of its value if the bearer token itself is the path secret.
  • Suggested fix: use a random non-secret route ID or fixed /webhook route plus x-telegram-bot-api-secret-token; never include the bot token in URLs.

Medium - strict skill audit is not clean even though standard gates pass

Resolved in follow-up patch: npm run audit:skills:strict now enforces a versioned warning budget in tools/config/audit-skills-strict-budget.json, with explicit limits for total warnings, warning-only skills, and the top strict finding codes. The current legacy baseline is documented and the command fails on errors or warning regressions above that budget.

  • Command: npm run audit:skills:strict
  • Evidence: strict mode scanned 1465 skills and found 0 errors, but still exited non-zero because 740 skills are warning-only with 865 total warnings. Top findings were risk_suggestion (1013), missing_examples (387), and skill_too_long (193).
  • Risk: regular validation and warning-budget gates can look clean while the stricter skill-quality bar is materially unmet.
  • Suggested fix: either wire a consciously scoped subset of strict findings into CI/release gating, or document strict mode as an advisory backlog with explicit thresholds and owners.

Medium - web asset setup publishes disabled skills as static files

  • File: tools/scripts/setup_web.js
  • Lines: 70-80
  • Evidence: app:setup copies the entire skills/ directory into apps/web-app/public/skills without excluding dot directories. Current generated assets contain apps/web-app/public/skills/.disabled and apps/web-app/dist/skills/.disabled, each around 17 MiB, with 1294 files copied from 34 disabled skill directories. skills_index.json correctly excludes .disabled and reports 0 disabled entries.
  • Risk: disabled skills are not shown in the catalog but are still shipped as static web assets and can be fetched directly by path, which conflicts with the validator/indexer semantics that hidden/disabled directories are excluded.
  • Suggested fix: make copyFolderSync() skip dot-prefixed directories, or explicitly skip .disabled when copying web assets; add a web setup test that asserts public/skills/.disabled is absent after app:setup.

Low - Junta scrapers bypass the shared TLS verification switch

  • Files: skills/junta-leiloeiros/scripts/scraper/jucisrs.py, skills/junta-leiloeiros/scripts/scraper/jucesp.py, skills/junta-leiloeiros/scripts/scraper/jucema.py
  • Lines: jucisrs.py:178-182, jucisrs.py:223-229, jucisrs.py:245-257, jucesp.py:115-121, jucema.py:161-169
  • Evidence: base_scraper.py provides should_verify_tls() and tests assert TLS verification is enabled by default, but these state-specific scrapers instantiate httpx.AsyncClient(verify=False) or Playwright with ignore_https_errors=True directly.
  • Risk: the test suite proves the shared base helper default, but not the actual transport behavior of these scraper implementations; network interception can still tamper with scraper input by default.
  • Suggested fix: replace direct verify=False / ignore_https_errors=True with should_verify_tls() in state-specific scrapers, and extend test_junta_tls_security.py to scan or monkeypatch concrete scraper clients.

Low - nested skill IDs lose their category namespace in generated routes

  • Files: tools/scripts/generate_index.py, apps/web-app/src/pages/SkillDetail.tsx, apps/web-app/src/components/SkillCard.tsx
  • Lines: generate_index.py:879-887, SkillDetail.tsx:61-79, SkillCard.tsx:16
  • Evidence: generate_index.py sets each skill id to os.path.basename(root) while keeping the full nested path separately. The current index has 20 nested skills, including base => skills/libreoffice/base, templates => skills/app-builder/templates, and 2d-games => skills/game-development/2d-games. The web app routes to /skill/${skill.id} and resolves detail pages with skills.find(s => s.id === id).
  • Risk: there are currently 0 duplicate IDs, so this is not breaking today. A future top-level base, another nested base, or similarly generic nested name would create an ambiguous route/star/canonical-ID collision because the public ID omits the category namespace.
  • Suggested fix: either generate route-safe IDs from the relative path for nested skills, or add a uniqueness test that fails when any future nested basename collides with another indexed skill.

Low - SEO verifier checks a legacy manifest filename, not the linked manifest

  • Files: apps/web-app/index.html, apps/web-app/scripts/verify-seo-assets.js, .github/workflows/pages.yml
  • Evidence: index.html links %BASE_URL%site.webmanifest, while verify-seo-assets.js and the Pages workflow check dist/manifest.webmanifest. Both files currently exist, so the gate passes, but it does not prove the linked manifest is present.
  • Risk: a future build could break site.webmanifest while the verifier still passes because manifest.webmanifest remains.
  • Suggested fix: make the verifier and Pages workflow check site.webmanifest, or explicitly verify every manifest referenced by index.html.

Low - Telegram HTML messages interpolate display names without escaping

  • File: skills/telegram/assets/boilerplate/nodejs/src/handlers.ts
  • Lines: 8-14, 31-37
  • Evidence: /start injects msg.from?.first_name into a message sent with parse_mode: 'HTML'; /about does the same with bot profile fields.
  • Risk: Telegram display names containing <, >, or & can break formatting, cause send failures, or create unintended markup in generated bot replies.
  • Suggested fix: HTML-escape interpolated values whenever parse_mode: 'HTML' is used, or switch these messages to plain text/Markdown with appropriate escaping.

Low - Chinese documentation is release/count stale

  • Files: docs_zh-CN/README.md, docs_zh-CN/users/getting-started.md, docs_zh-CN/final-validation-report.md
  • Evidence: English docs and package metadata are at 11.5.0 / 1465, while docs_zh-CN/README.md is synced to 10.7.0 / 1436, contains an internal mention of version 8.10.0, and docs_zh-CN/users/getting-started.md still says V10.7.0. docs_zh-CN/final-validation-report.md is also for V8.10.0.
  • Risk: localized entry points give outdated release and catalog information.
  • Suggested fix: either refresh translated docs after canonical English updates or mark old translation reports as historical snapshots so they are not read as current documentation.

Low - internal markdown links are broken in integration and localized docs

  • Files: docs/integrations/jetski-gemini-loader/README.md, docs_zh-CN/README.md, docs/vietnamese/*.vi.md, docs_zh-CN/integrations/jetski-gemini-loader/README.md
  • Evidence: a relative-path-aware local scan over README.md, docs/, and docs_zh-CN/ found 105 broken internal links. Confirmed examples:
    • docs/integrations/jetski-gemini-loader/README.md links to ../../docs/integrations/jetski-cortex.md, which resolves to nonexistent docs/docs/integrations/jetski-cortex.md; the real target is docs/integrations/jetski-cortex.md.
    • docs_zh-CN/README.md links to paths such as docs/users/bundles.md, which resolve under docs_zh-CN/docs/... instead of the repo root.
  • Risk: GitHub users following localized or integration docs hit dead links even though the current validate:references gate passes.
  • Suggested fix: add a path-aware markdown link checker to CI, then repair localized relative paths and the Jetski integration link.

Low - Remotion chart rule has a visible typo

  • File: skills/remotion-best-practices/rules/charts.md
  • Line: 20
  • Evidence: the sentence reads See Bar Chart Example for a basic example implmentation.
  • Risk: low editorial quality issue in a user-facing skill rule.
  • Suggested fix: change implmentation to implementation.

Low - link validation script writes a stale, machine-specific translated report

  • Files: scripts/validate-links.sh, docs_zh-CN/link-validation-report.txt
  • Evidence: scripts/validate-links.sh writes docs_zh-CN/link-validation-report.txt with a timestamp and absolute local paths. The script labels this as a translated report but scans docs/, not docs_zh-CN/, and resolves internal links by basename only. The script itself notes that links such as ../../CATALOG.md can be false positives.
  • Risk: rerunning the script creates non-portable tracked drift and produces a report that can mix real broken links with known false positives.
  • Suggested fix: either make the report deterministic and unambiguous, or stop tracking it. Resolve links relative to each source file and run separate checks for canonical docs and translated docs.

Low - deliberate pipe-to-shell examples remain allowlisted

Resolved in follow-up patch: executable curl|bash, curl|sh, and irm|iex install examples in canonical skill sources were replaced with package-manager or download-inspect-execute flows, and obsolete pipe-to-shell allowlists were removed. The remaining security-allowlist comments cover non-pipe rule families or sandbox notes.

  • Files include skills/bun-development/SKILL.md, skills/linkerd-patterns/SKILL.md, skills/cloud-penetration-testing/SKILL.md, skills/varlock/SKILL.md, skills/evolution/SKILL.md, and plugin mirrors.
  • Evidence: npm run security:docs passes because these examples are allowlisted, but the repo still contains executable curl|bash, curl|sh, and irm|iex examples.
  • Risk: this is accepted by current policy, but remains risky guidance for automated agents.
  • Suggested fix: where practical, replace executable pipe-to-shell examples with package-manager or checksum-verified alternatives; keep allowlists only where no safe practical alternative exists.

Low - documentation examples use realistic-looking secret placeholders

Resolved in follow-up patch: canonical examples now use <AWS_ACCESS_KEY_ID>, <AWS_SECRET_ACCESS_KEY>, and <BASE64_PRIVATE_KEY>, and npm run security:docs blocks those realistic placeholder patterns from returning.

  • Files include skills/comfyui-gateway/references/integration.md, skills/security/aws-iam-best-practices/SKILL.md, skills/k8s-manifest-generator/resources/implementation-playbook.md, and plugin mirrors.
  • Evidence: secret-pattern scanning found AKIAIOSFODNN7EXAMPLE, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY, and -----BEGIN PRIVATE KEY----- examples. These are not confirmed live secrets: the AWS values are standard examples and the private key block is an ellipsis placeholder.
  • Risk: realistic secret-looking examples can create noisy secret-scan alerts and make it harder to distinguish documentation placeholders from real leaks.
  • Suggested fix: replace realistic credential examples with unmistakable placeholders such as <AWS_ACCESS_KEY_ID>, <AWS_SECRET_ACCESS_KEY>, and <BASE64_PRIVATE_KEY>.

Non-findings / bounded checks

  • The apparent --- frontmatter prefix in eight skills is accepted by the repo parser (^---\s*\n) and those skills are indexed, so this is not currently a validator bug.
  • Duplicate names under skills/.disabled are intentionally skipped by validator/index generation.
  • Root npm production audit reported 0 vulnerabilities.
  • Root, web app, and data package moderate audits reported 0 vulnerabilities.
  • Loki todo-app frontend and backend moderate audits reported 0 vulnerabilities.
  • Loki todo-app frontend and backend builds completed successfully.
  • Telegram and WhatsApp Node boilerplates compile successfully when installed in temp copies.
  • WhatsApp Node boilerplate moderate audit reported 0 vulnerabilities in a temp copy.
  • Python syntax checking found 0 errors across 1077 source files.
  • Shell syntax checking found 0 errors across 61 shell scripts.
  • JavaScript syntax checking found 0 errors across 74 source files.
  • YAML and XML-family parse checks found 0 syntax errors in tracked files.
  • The 7 tracked symlinks all resolve to in-repo targets.
  • The strict JSON parse failures are JSONC/commented config files rather than malformed runtime JSON; TypeScript accepts tsconfig.json comments, and the commented tsconfig-strict.json is a reference artifact mirrored byte-for-byte.
  • Plugin mirror skill files are byte-for-byte synchronized with canonical skills/ sources: 3094 matched, 0 drift.
  • Full-library plugin skill counts differ from the root visible catalog intentionally: the Codex plugin advertises 1,429 plugin-safe skills, and omitted root skills are compatibility-filtered rather than missing files.
  • Duplicate name values across all tracked SKILL.md files are expected because canonical skills are copied into full plugins and bundle plugins; canonical-vs-plugin byte checks found no content drift.
  • All 76 plugin manifests parsed with required identity/version fields present.
  • npm run audit:maintainer did not reveal a repo health issue beyond the intentional untracked audit report; git status --porcelain --untracked-files=no was clean.
  • npm pack --dry-run --json produced the expected installer-only package contents: LICENSE, README.md, package.json, tools/bin/install.js, and tools/lib/*.
  • No tracked temporary/bytecode/macOS artifact files were found for __pycache__, *.pyc, *.pyo, .DS_Store, *.tmp, *.bak, or *.orig.
  • The targeted common-typo scan produced two Teh matches that are a person's surname in the Geoffrey Hinton skill, not typos.