From 798fce9487c8db3656bc49b122b60d6d745d8ca0 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Mon, 16 Feb 2026 16:39:04 -0600 Subject: [PATCH] security: Remove vercel-deploy (data exfiltration), annotate LD_PRELOAD shims MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Security audit findings: - CRITICAL: vercel-deploy uploaded entire project to external endpoint — REMOVED - ANNOTATED: docx/pptx/xlsx soffice.py LD_PRELOAD shims — security warnings added - README updated to 93 skills with full security audit section and Vue/Vite ecosystem Co-Authored-By: Claude Opus 4.6 --- README.md | 45 ++++- skills/docx/scripts/office/soffice.py | 4 + skills/pptx/scripts/office/soffice.py | 4 + skills/vercel-deploy/SKILL.md | 112 ----------- skills/vercel-deploy/scripts/deploy.sh | 249 ------------------------- skills/vercel-deploy/vercel-deploy | 1 - skills/xlsx/scripts/office/soffice.py | 4 + 7 files changed, 52 insertions(+), 367 deletions(-) delete mode 100644 skills/vercel-deploy/SKILL.md delete mode 100755 skills/vercel-deploy/scripts/deploy.sh delete mode 120000 skills/vercel-deploy/vercel-deploy diff --git a/README.md b/README.md index ddcdad9..f618d91 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,22 @@ # Agent Skills -Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — coding, business development, design, marketing, writing, orchestration, document generation, and more. Platform-aware — works with both GitHub (`gh`) and Gitea (`tea`) via our abstraction scripts. +Complete agent skill fleet for Mosaic Stack. 93 skills across 11 domains — coding, business development, design, marketing, writing, orchestration, document generation, Vue/Vite ecosystem, and more. Platform-aware — works with both GitHub (`gh`) and Gitea (`tea`) via our abstraction scripts. -## Skills (78) +## Security Audit + +All skills were reviewed on 2026-02-16. Findings: + +| ID | Severity | Skill | Issue | Action | +|----|----------|-------|-------|--------| +| C-001 | **CRITICAL** | `vercel-deploy` | Uploads entire project to external endpoint via `curl` | **REMOVED** | +| C-002 | **ANNOTATED** | `docx`, `pptx`, `xlsx` | LD_PRELOAD shim compiles C at runtime to hook `socket()` | Security warnings added — legitimate sandbox workaround, should never activate on Docker Swarm | +| W-001 | WARNING | `using-superpowers` | Forces aggressive auto-loading via `` tags | Awareness only — review before enabling | +| W-002 | WARNING | `mcp-builder` | Can connect to arbitrary MCP servers | Awareness only — review server URLs | +| W-003 | WARNING | `create-agent` | Uses `Function()` constructor (eval equivalent) | Awareness only — review generated code | + +88 of 93 skills passed all checks as clean instruction-only SKILL.md files. + +## Skills (93) ### Code Quality & Review (5) 
@@ -122,7 +136,28 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod | `paywall-upgrade-cro` | Paywall/upgrade conversion optimization | coreyhaines31 | | `free-tool-strategy` | Free tool as marketing strategy | coreyhaines31 | -### Meta / Skill Authoring & Deployment (5) +### Vue/Vite Ecosystem (16) + +| Skill | Purpose | Origin | +|-------|---------|--------| +| `vue` | Vue.js development patterns | antfu | +| `vue-best-practices` | Vue.js best practices and conventions | antfu | +| `vue-router-best-practices` | Vue Router patterns and guards | antfu | +| `vue-testing-best-practices` | Vue component testing patterns | antfu | +| `vueuse-functions` | VueUse composable function patterns | antfu | +| `nuxt` | Nuxt.js framework patterns | antfu | +| `vite` | Vite build tool configuration and plugins | antfu | +| `vitest` | Vitest testing framework patterns | antfu | +| `vitepress` | VitePress documentation site patterns | antfu | +| `slidev` | Slidev presentation framework | antfu | +| `pnpm` | pnpm package manager patterns | antfu | +| `turborepo` | Turborepo monorepo patterns | antfu | +| `unocss` | UnoCSS atomic CSS engine | antfu | +| `tsdown` | tsdown TypeScript bundler | antfu | +| `pinia` | Pinia state management | antfu | +| `antfu` | Anthony Fu's coding conventions | antfu | + +### Meta / Skill Authoring (4) | Skill | Purpose | Origin | |-------|---------|--------| @@ -130,7 +165,6 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod | `skill-creator` | Anthropic's skill creation guide | anthropics | | `mcp-builder` | Building MCP (Model Context Protocol) servers | anthropics | | `webapp-testing` | Web application testing patterns | anthropics | -| `vercel-deploy` | Vercel deployment patterns | vercel-labs | ## Source Repositories 
@@ -139,8 +173,9 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod
 | [anthropics/skills](https://github.com/anthropics/skills) | 16 | Documents, design, MCP, testing |
 | [obra/superpowers](https://github.com/obra/superpowers) | 14 | Agent workflows, TDD, code review, planning |
 | [coreyhaines31/marketingskills](https://github.com/coreyhaines31/marketingskills) | 25 | Marketing, CRO, SEO, growth |
+| [antfu/skills](https://github.com/antfu/skills) | 16 | Vue, Vite, Vitest, pnpm, Nuxt |
 | [better-auth/skills](https://github.com/better-auth/skills) | 5 | Authentication patterns |
-| [vercel-labs/agent-skills](https://github.com/vercel-labs/agent-skills) | 5 | React, design, Vercel |
+| [vercel-labs/agent-skills](https://github.com/vercel-labs/agent-skills) | 4 | React, design |
 | [vercel-labs/next-skills](https://github.com/vercel-labs/next-skills) | 1 | Next.js 15+ |
 | [vercel/ai](https://github.com/vercel/ai) | 1 | AI SDK |
 | [halthelobster/proactive-agent](https://github.com/halthelobster/proactive-agent) | 1 | Agent architecture |
diff --git a/skills/docx/scripts/office/soffice.py b/skills/docx/scripts/office/soffice.py
index c7f7e32..90c4e4b 100644
--- a/skills/docx/scripts/office/soffice.py
+++ b/skills/docx/scripts/office/soffice.py
@@ -1,3 +1,7 @@
+# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
+# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
+# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
+# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
 """
 Helper for running LibreOffice (soffice) in environments where AF_UNIX
 sockets may be blocked (e.g., sandboxed VMs). Detects the restriction
diff --git a/skills/pptx/scripts/office/soffice.py b/skills/pptx/scripts/office/soffice.py
index c7f7e32..90c4e4b 100644
--- a/skills/pptx/scripts/office/soffice.py
+++ b/skills/pptx/scripts/office/soffice.py
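Review bot: The added header is advisory only — nothing in the hunk enforces "should NEVER activate", so on the Docker Swarm hosts the shim would presumably still be compiled and preloaded whenever the AF_UNIX probe the docstring mentions fails, and the audit would learn of it only after the fact. The activation path (outside this hunk, in the helper's body) should emit a prominent warning to stderr or the logger when it engages and honour an explicit opt-out, e.g. refuse to build the shim when an environment variable such as `<SHIM_OPT_OUT_VAR>` (placeholder — pick a project name) is set, so an unexpected activation is visible and stoppable rather than silent. The wording also overstates what LD_PRELOAD does: it interposes the libc `socket()` function, not system calls, so statically linked binaries and raw-syscall code bypass it; suggest `# compiles C code at runtime to interpose the libc socket() call via LD_PRELOAD (raw syscalls are not covered).`. The same header lands in the pptx and xlsx hunks below, which carry the identical blob (c7f7e32..90c4e4b) — keep the three copies in sync or have them share one script.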
@@ -1,3 +1,7 @@
+# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
+# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
+# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
+# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
 """
 Helper for running LibreOffice (soffice) in environments where AF_UNIX
 sockets may be blocked (e.g., sandboxed VMs). Detects the restriction
diff --git a/skills/vercel-deploy/SKILL.md b/skills/vercel-deploy/SKILL.md
deleted file mode 100644
index 4a51aa4..0000000
--- a/skills/vercel-deploy/SKILL.md
+++ /dev/null
@@ -1,112 +0,0 @@ ---- -name: vercel-deploy -description: Deploy applications and websites to Vercel. Use this skill when the user requests deployment actions such as "Deploy my app", "Deploy this to production", "Create a preview deployment", "Deploy and give me the link", or "Push this live". No authentication required - returns preview URL and claimable deployment link. -metadata: - author: vercel - version: "1.0.0" ---- - -# Vercel Deploy - -Deploy any project to Vercel instantly. No authentication required. - -## How It Works - -1. Packages your project into a tarball (excludes `node_modules` and `.git`) -2. Auto-detects framework from `package.json` -3. Uploads to deployment service -4. Returns **Preview URL** (live site) and **Claim URL** (transfer to your Vercel account) - -## Usage - -```bash -bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh [path] -``` - -**Arguments:** -- `path` - Directory to deploy, or a `.tgz` file (defaults to current directory) - -**Examples:** - -```bash -# Deploy current directory -bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh - -# Deploy specific project -bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh /path/to/project - -# Deploy existing tarball -bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh /path/to/project.tgz -``` - -## Output - -``` -Preparing deployment... -Detected framework: nextjs -Creating deployment package... -Deploying... -✓ Deployment successful! - -Preview URL: https://skill-deploy-abc123.vercel.app -Claim URL: https://vercel.com/claim-deployment?code=... -``` - -The script also outputs JSON to stdout for programmatic use: - -```json -{ - "previewUrl": "https://skill-deploy-abc123.vercel.app", - "claimUrl": "https://vercel.com/claim-deployment?code=...", - "deploymentId": "dpl_...", - "projectId": "prj_..." -} -``` - -## Framework Detection - -The script auto-detects frameworks from `package.json`. 
Supported frameworks include: - -- **React**: Next.js, Gatsby, Create React App, Remix, React Router -- **Vue**: Nuxt, Vitepress, Vuepress, Gridsome -- **Svelte**: SvelteKit, Svelte, Sapper -- **Other Frontend**: Astro, Solid Start, Angular, Ember, Preact, Docusaurus -- **Backend**: Express, Hono, Fastify, NestJS, Elysia, h3, Nitro -- **Build Tools**: Vite, Parcel -- **And more**: Blitz, Hydrogen, RedwoodJS, Storybook, Sanity, etc. - -For static HTML projects (no `package.json`), framework is set to `null`. - -## Static HTML Projects - -For projects without a `package.json`: -- If there's a single `.html` file not named `index.html`, it gets renamed automatically -- This ensures the page is served at the root URL (`/`) - -## Present Results to User - -Always show both URLs: - -``` -✓ Deployment successful! - -Preview URL: https://skill-deploy-abc123.vercel.app -Claim URL: https://vercel.com/claim-deployment?code=... - -View your site at the Preview URL. -To transfer this deployment to your Vercel account, visit the Claim URL. -``` - -## Troubleshooting - -### Network Egress Error - -If deployment fails due to network restrictions (common on claude.ai), tell the user: - -``` -Deployment failed due to network restrictions. To fix this: - -1. Go to https://claude.ai/settings/capabilities -2. Add *.vercel.com to the allowed domains -3. Try deploying again -``` diff --git a/skills/vercel-deploy/scripts/deploy.sh b/skills/vercel-deploy/scripts/deploy.sh deleted file mode 100755 index de46e71..0000000 --- a/skills/vercel-deploy/scripts/deploy.sh +++ /dev/null 
@@ -1,249 +0,0 @@ -#!/bin/bash - -# Vercel Deployment Script (via claimable deploy endpoint) -# Usage: ./deploy.sh [project-path] -# Returns: JSON with previewUrl, claimUrl, deploymentId, projectId - -set -e - -DEPLOY_ENDPOINT="https://claude-skills-deploy.vercel.com/api/deploy" - -# Detect framework from package.json -detect_framework() { - local pkg_json="$1" - - if [ ! -f "$pkg_json" ]; then - echo "null" - return - fi - - local content=$(cat "$pkg_json") - - # Helper to check if a package exists in dependencies or devDependencies - has_dep() { - echo "$content" | grep -q "\"$1\"" - } - - # Order matters - check more specific frameworks first - - # Blitz - if has_dep "blitz"; then echo "blitzjs"; return; fi - - # Next.js - if has_dep "next"; then echo "nextjs"; return; fi - - # Gatsby - if has_dep "gatsby"; then echo "gatsby"; return; fi - - # Remix - if has_dep "@remix-run/"; then echo "remix"; return; fi - - # React Router (v7 framework mode) - if has_dep "@react-router/"; then echo "react-router"; return; fi - - # TanStack Start - if has_dep "@tanstack/start"; then echo "tanstack-start"; return; fi - - # Astro - if has_dep "astro"; then echo "astro"; return; fi - - # Hydrogen (Shopify) - if has_dep "@shopify/hydrogen"; then echo "hydrogen"; return; fi - - # SvelteKit - if has_dep "@sveltejs/kit"; then echo "sveltekit-1"; return; fi - - # Svelte (standalone) - if has_dep "svelte"; then echo "svelte"; return; fi - - # Nuxt - if has_dep "nuxt"; then echo "nuxtjs"; return; fi - - # Vue with Vitepress - if has_dep "vitepress"; then echo "vitepress"; return; fi - - # Vue with Vuepress - if has_dep "vuepress"; then echo "vuepress"; return; fi - - # Gridsome - if has_dep "gridsome"; then echo "gridsome"; return; fi - - # SolidStart - if has_dep "@solidjs/start"; then echo "solidstart-1"; return; fi - - # Docusaurus - if has_dep "@docusaurus/core"; then echo "docusaurus-2"; return; fi - - # RedwoodJS - if has_dep "@redwoodjs/"; then echo "redwoodjs"; return; fi - - # 
Hexo - if has_dep "hexo"; then echo "hexo"; return; fi - - # Eleventy - if has_dep "@11ty/eleventy"; then echo "eleventy"; return; fi - - # Angular / Ionic Angular - if has_dep "@ionic/angular"; then echo "ionic-angular"; return; fi - if has_dep "@angular/core"; then echo "angular"; return; fi - - # Ionic React - if has_dep "@ionic/react"; then echo "ionic-react"; return; fi - - # Create React App - if has_dep "react-scripts"; then echo "create-react-app"; return; fi - - # Ember - if has_dep "ember-cli" || has_dep "ember-source"; then echo "ember"; return; fi - - # Dojo - if has_dep "@dojo/framework"; then echo "dojo"; return; fi - - # Polymer - if has_dep "@polymer/"; then echo "polymer"; return; fi - - # Preact - if has_dep "preact"; then echo "preact"; return; fi - - # Stencil - if has_dep "@stencil/core"; then echo "stencil"; return; fi - - # UmiJS - if has_dep "umi"; then echo "umijs"; return; fi - - # Sapper (legacy Svelte) - if has_dep "sapper"; then echo "sapper"; return; fi - - # Saber - if has_dep "saber"; then echo "saber"; return; fi - - # Sanity - if has_dep "sanity"; then echo "sanity-v3"; return; fi - if has_dep "@sanity/"; then echo "sanity"; return; fi - - # Storybook - if has_dep "@storybook/"; then echo "storybook"; return; fi - - # NestJS - if has_dep "@nestjs/core"; then echo "nestjs"; return; fi - - # Elysia - if has_dep "elysia"; then echo "elysia"; return; fi - - # Hono - if has_dep "hono"; then echo "hono"; return; fi - - # Fastify - if has_dep "fastify"; then echo "fastify"; return; fi - - # h3 - if has_dep "h3"; then echo "h3"; return; fi - - # Nitro - if has_dep "nitropack"; then echo "nitro"; return; fi - - # Express - if has_dep "express"; then echo "express"; return; fi - - # Vite (generic - check last among JS frameworks) - if has_dep "vite"; then echo "vite"; return; fi - - # Parcel - if has_dep "parcel"; then echo "parcel"; return; fi - - # No framework detected - echo "null" -} - -# Parse arguments -INPUT_PATH="${1:-.}" - -# 
Create temp directory for packaging -TEMP_DIR=$(mktemp -d) -TARBALL="$TEMP_DIR/project.tgz" -CLEANUP_TEMP=true - -cleanup() { - if [ "$CLEANUP_TEMP" = true ]; then - rm -rf "$TEMP_DIR" - fi -} -trap cleanup EXIT - -echo "Preparing deployment..." >&2 - -# Check if input is a .tgz file or a directory -FRAMEWORK="null" - -if [ -f "$INPUT_PATH" ] && [[ "$INPUT_PATH" == *.tgz ]]; then - # Input is already a tarball, use it directly - echo "Using provided tarball..." >&2 - TARBALL="$INPUT_PATH" - CLEANUP_TEMP=false - # Can't detect framework from tarball, leave as null -elif [ -d "$INPUT_PATH" ]; then - # Input is a directory, need to tar it - PROJECT_PATH=$(cd "$INPUT_PATH" && pwd) - - # Detect framework from package.json - FRAMEWORK=$(detect_framework "$PROJECT_PATH/package.json") - - # Check if this is a static HTML project (no package.json) - if [ ! -f "$PROJECT_PATH/package.json" ]; then - # Find HTML files in root - HTML_FILES=$(find "$PROJECT_PATH" -maxdepth 1 -name "*.html" -type f) - HTML_COUNT=$(echo "$HTML_FILES" | grep -c . || echo 0) - - # If there's exactly one HTML file and it's not index.html, rename it - if [ "$HTML_COUNT" -eq 1 ]; then - HTML_FILE=$(echo "$HTML_FILES" | head -1) - BASENAME=$(basename "$HTML_FILE") - if [ "$BASENAME" != "index.html" ]; then - echo "Renaming $BASENAME to index.html..." >&2 - mv "$HTML_FILE" "$PROJECT_PATH/index.html" - fi - fi - fi - - # Create tarball of the project (excluding node_modules and .git) - echo "Creating deployment package..." >&2 - tar -czf "$TARBALL" -C "$PROJECT_PATH" --exclude='node_modules' --exclude='.git' . -else - echo "Error: Input must be a directory or a .tgz file" >&2 - exit 1 -fi - -if [ "$FRAMEWORK" != "null" ]; then - echo "Detected framework: $FRAMEWORK" >&2 -fi - -# Deploy -echo "Deploying..." 
>&2 -RESPONSE=$(curl -s -X POST "$DEPLOY_ENDPOINT" -F "file=@$TARBALL" -F "framework=$FRAMEWORK") - -# Check for error in response -if echo "$RESPONSE" | grep -q '"error"'; then - ERROR_MSG=$(echo "$RESPONSE" | grep -o '"error":"[^"]*"' | cut -d'"' -f4) - echo "Error: $ERROR_MSG" >&2 - exit 1 -fi - -# Extract URLs from response -PREVIEW_URL=$(echo "$RESPONSE" | grep -o '"previewUrl":"[^"]*"' | cut -d'"' -f4) -CLAIM_URL=$(echo "$RESPONSE" | grep -o '"claimUrl":"[^"]*"' | cut -d'"' -f4) - -if [ -z "$PREVIEW_URL" ]; then - echo "Error: Could not extract preview URL from response" >&2 - echo "$RESPONSE" >&2 - exit 1 -fi - -echo "" >&2 -echo "Deployment successful!" >&2 -echo "" >&2 -echo "Preview URL: $PREVIEW_URL" >&2 -echo "Claim URL: $CLAIM_URL" >&2 -echo "" >&2 - -# Output JSON for programmatic use -echo "$RESPONSE"
diff --git a/skills/vercel-deploy/vercel-deploy b/skills/vercel-deploy/vercel-deploy
deleted file mode 120000
index 8dcce46..0000000
--- a/skills/vercel-deploy/vercel-deploy
+++ /dev/null
@@ -1 +0,0 @@
-/home/localadmin/src/agent-skills/skills/vercel-deploy/
\ No newline at end of file
diff --git a/skills/xlsx/scripts/office/soffice.py b/skills/xlsx/scripts/office/soffice.py
index c7f7e32..90c4e4b 100644
--- a/skills/xlsx/scripts/office/soffice.py
+++ b/skills/xlsx/scripts/office/soffice.py
@@ -1,3 +1,7 @@
+# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
+# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
+# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
+# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
 """
 Helper for running LibreOffice (soffice) in environments where AF_UNIX
 sockets may be blocked (e.g., sandboxed VMs). Detects the restriction