# Skill Signature Registry

---

## Header

| Field | Value |
|-------|-------|
| **Report type** | registry |
| **Target** | ~/.claude/skills (local registry) |
| **Date** | 2026-05-05 |
| **Mode** | scan |
| **Version** | llm-security v7.4.0 |
| **Scope** | skill-signature fingerprint registry |
| **Triggered by** | /security registry scan |

---

## Risk Dashboard

| Metric | Value |
|--------|-------|
| **Risk Score** | 18/100 |
| **Risk Band** | Medium |
| **Grade** | B |
| **Verdict** | WARNING |

| Severity | Count |
|----------|------:|
| Critical | 0 |
| High | 1 |
| Medium | 2 |
| Low | 2 |
| Info | 5 |
| **Total** | **10** |

**Verdict rationale:** 1 HIGH on a known-malicious skill fingerprint match (`malicious-pdf-helper@1.0.0`). 2 MEDIUM on signature drift for previously-trusted skills.

---

## Registry Stats

| Metric | Value |
|--------|------:|
| **Skills tracked** | 87 |
| **Known-good fingerprints** | 79 |
| **Known-bad fingerprints** | 4 |
| **Unknown fingerprints** | 4 |
| **Drift events (30d)** | 7 |
| **Registry file** | reports/skill-registry.json |

---

## Signature Table

| Skill | Source | Fingerprint (SHA-256, 8-hex) | Status | First seen |
|-------|--------|------------------------------|--------|-----------|
| pdf-helper | builtin | a8f3e21d | known-good | 2026-01-12 |
| story | user | 4c2b89f0 | known-good | 2026-02-08 |
| malicious-pdf-helper | npm | 7e91d3a4 | KNOWN-BAD | 2026-04-22 |
| story-v2 | user | 9f1c2e8b | DRIFT (was 4c2b89f0) | 2026-05-04 |
| audit-helper | community | b3a7f29c | DRIFT (was c814e7a1) | 2026-05-03 |
| pptx | builtin | d7e4a1f3 | known-good | 2026-01-12 |
| capability-auditor | community | e2f9b483 | unknown (new) | 2026-05-05 |
| persona-creator | builtin | 1a4c8e07 | known-good | 2026-01-12 |

---

## Findings

### High

| ID | Category | Skill | File | Description | OWASP |
|----|----------|-------|------|-------------|-------|
| REG-001 | Known-bad | malicious-pdf-helper | ~/.claude/skills/malicious-pdf-helper/SKILL.md | Fingerprint matches 2026-04-22 advisory (data exfiltration via PDF metadata) | LLM05 |

### Medium

| ID | Category | Skill | File | Description | OWASP |
|----|----------|-------|------|-------------|-------|
| REG-002 | Drift | story-v2 | ~/.claude/skills/story-v2/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |
| REG-003 | Drift | audit-helper | ~/.claude/skills/audit-helper/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |

### Low

| ID | Category | Skill | File | Description | OWASP |
|----|----------|-------|------|-------------|-------|
| REG-004 | Unknown | capability-auditor | ~/.claude/skills/capability-auditor/SKILL.md | New community skill, no prior fingerprint — recommend manual review | — |
| REG-005 | Stale | unused-skill | ~/.claude/skills/unused-skill/SKILL.md | No invocations in 90 days — candidate for removal | — |

### Info

| ID | Category | Skill | File | Description | OWASP |
|----|----------|-------|------|-------------|-------|
| REG-006 | Coverage | (registry) | reports/skill-registry.json | 87 skills tracked across 4 sources (builtin/user/community/npm) | — |
| REG-007 | Coverage | (cache) | ~/.cache/llm-security/registry/ | Cache size: 412 KB | — |
| REG-008 | Coverage | (cache) | (TTL) | Registry cache TTL: 24h | — |
| REG-009 | Coverage | (cache) | (next sync) | 17h until next registry sync | — |
| REG-010 | History | (audit) | reports/registry-audit.jsonl | 7 drift events in last 30 days, all on community skills | — |

---

## Recommendations

1. **Immediate:** Disable or remove `malicious-pdf-helper` skill. Cross-reference with `~/.claude/skills/` and check if any agents reference it.
2. **High:** Investigate signature drift on `story-v2` and `audit-helper`. Compare against last-known-good fingerprint and re-register if legitimate update.
3. **Medium:** Manually review `capability-auditor` (new, unknown). Run `/security scan ~/.claude/skills/capability-auditor` for full analysis.
4. **Low:** Audit unused skills — `unused-skill` has had no invocations in 90d.

---

*Registry scan complete. 87 skills, 1 known-bad, 2 drift events.*