mosaic/agent-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: Remove vercel-deploy (data exfiltration), annotate LD_PRELOAD shims

Browse Source 
Security audit findings:
- CRITICAL: vercel-deploy uploaded entire project to external endpoint — REMOVED
- ANNOTATED: docx/pptx/xlsx soffice.py LD_PRELOAD shims — security warnings added
- README updated to 93 skills with full security audit section and Vue/Vite ecosystem

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-16 16:39:04 -06:00
parent f5792c40be
commit 798fce9487
7 changed files with 52 additions and 367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
README.md
View File

@@ -1,8 +1,22 @@
# Agent Skills
Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — coding, business development, design, marketing, writing, orchestration, document generation, and more. Platform-aware — works with both GitHub (`gh`) and Gitea (`tea`) via our abstraction scripts.
Complete agent skill fleet for Mosaic Stack. 93 skills across 11 domains — coding, business development, design, marketing, writing, orchestration, document generation, Vue/Vite ecosystem, and more. Platform-aware — works with both GitHub (`gh`) and Gitea (`tea`) via our abstraction scripts.
## Skills (78)
## Security Audit
All skills were reviewed on 2026-02-16. Findings:
| ID | Severity | Skill | Issue | Action |
|----|----------|-------|-------|--------|
| C-001 | **CRITICAL** | `vercel-deploy` | Uploads entire project to external endpoint via `curl` | **REMOVED** |
| C-002 | **ANNOTATED** | `docx`, `pptx`, `xlsx` | LD_PRELOAD shim compiles C at runtime to hook `socket()` | Security warnings added — legitimate sandbox workaround, should never activate on Docker Swarm |
| W-001 | WARNING | `using-superpowers` | Forces aggressive auto-loading via `<EXTREMELY-IMPORTANT>` tags | Awareness only — review before enabling |
| W-002 | WARNING | `mcp-builder` | Can connect to arbitrary MCP servers | Awareness only — review server URLs |
| W-003 | WARNING | `create-agent` | Uses `Function()` constructor (eval equivalent) | Awareness only — review generated code |
88 of 93 skills passed all checks as clean instruction-only SKILL.md files.
## Skills (93)
### Code Quality & Review (5)
@@ -122,7 +136,28 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod
| `paywall-upgrade-cro` | Paywall/upgrade conversion optimization | coreyhaines31 |
| `free-tool-strategy` | Free tool as marketing strategy | coreyhaines31 |
### Meta / Skill Authoring & Deployment (5)
### Vue/Vite Ecosystem (16)
| Skill | Purpose | Origin |
|-------|---------|--------|
| `vue` | Vue.js development patterns | antfu |
| `vue-best-practices` | Vue.js best practices and conventions | antfu |
| `vue-router-best-practices` | Vue Router patterns and guards | antfu |
| `vue-testing-best-practices` | Vue component testing patterns | antfu |
| `vueuse-functions` | VueUse composable function patterns | antfu |
| `nuxt` | Nuxt.js framework patterns | antfu |
| `vite` | Vite build tool configuration and plugins | antfu |
| `vitest` | Vitest testing framework patterns | antfu |
| `vitepress` | VitePress documentation site patterns | antfu |
| `slidev` | Slidev presentation framework | antfu |
| `pnpm` | pnpm package manager patterns | antfu |
| `turborepo` | Turborepo monorepo patterns | antfu |
| `unocss` | UnoCSS atomic CSS engine | antfu |
| `tsdown` | tsdown TypeScript bundler | antfu |
| `pinia` | Pinia state management | antfu |
| `antfu` | Anthony Fu's coding conventions | antfu |
### Meta / Skill Authoring (4)
| Skill | Purpose | Origin |
|-------|---------|--------|
@@ -130,7 +165,6 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod
| `skill-creator` | Anthropic's skill creation guide | anthropics |
| `mcp-builder` | Building MCP (Model Context Protocol) servers | anthropics |
| `webapp-testing` | Web application testing patterns | anthropics |
| `vercel-deploy` | Vercel deployment patterns | vercel-labs |
## Source Repositories
@@ -139,8 +173,9 @@ Complete agent skill fleet for Mosaic Stack. 78 skills across 10 domains — cod
| [anthropics/skills](https://github.com/anthropics/skills) | 16 | Documents, design, MCP, testing |
| [obra/superpowers](https://github.com/obra/superpowers) | 14 | Agent workflows, TDD, code review, planning |
| [coreyhaines31/marketingskills](https://github.com/coreyhaines31/marketingskills) | 25 | Marketing, CRO, SEO, growth |
| [antfu/skills](https://github.com/antfu/skills) | 16 | Vue, Vite, Vitest, pnpm, Nuxt |
| [better-auth/skills](https://github.com/better-auth/skills) | 5 | Authentication patterns |
| [vercel-labs/agent-skills](https://github.com/vercel-labs/agent-skills) | 5 | React, design, Vercel |
| [vercel-labs/agent-skills](https://github.com/vercel-labs/agent-skills) | 4 | React, design |
| [vercel-labs/next-skills](https://github.com/vercel-labs/next-skills) | 1 | Next.js 15+ |
| [vercel/ai](https://github.com/vercel/ai) | 1 | AI SDK |
| [halthelobster/proactive-agent](https://github.com/halthelobster/proactive-agent) | 1 | Agent architecture |

4
skills/docx/scripts/office/soffice.py
View File

@@ -1,3 +1,7 @@
# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
"""
Helper for running LibreOffice (soffice) in environments where AF_UNIX
sockets may be blocked (e.g., sandboxed VMs). Detects the restriction

4
skills/pptx/scripts/office/soffice.py
View File

@@ -1,3 +1,7 @@
# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
"""
Helper for running LibreOffice (soffice) in environments where AF_UNIX
sockets may be blocked (e.g., sandboxed VMs). Detects the restriction

112
skills/vercel-deploy/SKILL.md
View File

@@ -1,112 +0,0 @@
---
name: vercel-deploy
description: Deploy applications and websites to Vercel. Use this skill when the user requests deployment actions such as "Deploy my app", "Deploy this to production", "Create a preview deployment", "Deploy and give me the link", or "Push this live". No authentication required - returns preview URL and claimable deployment link.
metadata:
author: vercel
version: "1.0.0"
---
# Vercel Deploy
Deploy any project to Vercel instantly. No authentication required.
## How It Works
1. Packages your project into a tarball (excludes `node_modules` and `.git`)
2. Auto-detects framework from `package.json`
3. Uploads to deployment service
4. Returns **Preview URL** (live site) and **Claim URL** (transfer to your Vercel account)
## Usage
```bash
bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh [path]
```
**Arguments:**
- `path` - Directory to deploy, or a `.tgz` file (defaults to current directory)
**Examples:**
```bash
# Deploy current directory
bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh
# Deploy specific project
bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh /path/to/project
# Deploy existing tarball
bash /mnt/skills/user/vercel-deploy/scripts/deploy.sh /path/to/project.tgz
```
## Output
```
Preparing deployment...
Detected framework: nextjs
Creating deployment package...
Deploying...
✓ Deployment successful!
Preview URL: https://skill-deploy-abc123.vercel.app
Claim URL: https://vercel.com/claim-deployment?code=...
```
The script also outputs JSON to stdout for programmatic use:
```json
{
"previewUrl": "https://skill-deploy-abc123.vercel.app",
"claimUrl": "https://vercel.com/claim-deployment?code=...",
"deploymentId": "dpl_...",
"projectId": "prj_..."
}
```
## Framework Detection
The script auto-detects frameworks from `package.json`. Supported frameworks include:
- **React**: Next.js, Gatsby, Create React App, Remix, React Router
- **Vue**: Nuxt, Vitepress, Vuepress, Gridsome
- **Svelte**: SvelteKit, Svelte, Sapper
- **Other Frontend**: Astro, Solid Start, Angular, Ember, Preact, Docusaurus
- **Backend**: Express, Hono, Fastify, NestJS, Elysia, h3, Nitro
- **Build Tools**: Vite, Parcel
- **And more**: Blitz, Hydrogen, RedwoodJS, Storybook, Sanity, etc.
For static HTML projects (no `package.json`), framework is set to `null`.
## Static HTML Projects
For projects without a `package.json`:
- If there's a single `.html` file not named `index.html`, it gets renamed automatically
- This ensures the page is served at the root URL (`/`)
## Present Results to User
Always show both URLs:
```
✓ Deployment successful!
Preview URL: https://skill-deploy-abc123.vercel.app
Claim URL: https://vercel.com/claim-deployment?code=...
View your site at the Preview URL.
To transfer this deployment to your Vercel account, visit the Claim URL.
```
## Troubleshooting
### Network Egress Error
If deployment fails due to network restrictions (common on claude.ai), tell the user:
```
Deployment failed due to network restrictions. To fix this:
1. Go to https://claude.ai/settings/capabilities
2. Add *.vercel.com to the allowed domains
3. Try deploying again
```

249
skills/vercel-deploy/scripts/deploy.sh
View File

@@ -1,249 +0,0 @@
#!/bin/bash
# Vercel Deployment Script (via claimable deploy endpoint)
# Usage: ./deploy.sh [project-path]
# Returns: JSON with previewUrl, claimUrl, deploymentId, projectId
set -e
DEPLOY_ENDPOINT="https://claude-skills-deploy.vercel.com/api/deploy"
# Detect framework from package.json
detect_framework() {
local pkg_json="$1"
if [ ! -f "$pkg_json" ]; then
echo "null"
return
fi
local content=$(cat "$pkg_json")
# Helper to check if a package exists in dependencies or devDependencies
has_dep() {
echo "$content" | grep -q "\"$1\""
}
# Order matters - check more specific frameworks first
# Blitz
if has_dep "blitz"; then echo "blitzjs"; return; fi
# Next.js
if has_dep "next"; then echo "nextjs"; return; fi
# Gatsby
if has_dep "gatsby"; then echo "gatsby"; return; fi
# Remix
if has_dep "@remix-run/"; then echo "remix"; return; fi
# React Router (v7 framework mode)
if has_dep "@react-router/"; then echo "react-router"; return; fi
# TanStack Start
if has_dep "@tanstack/start"; then echo "tanstack-start"; return; fi
# Astro
if has_dep "astro"; then echo "astro"; return; fi
# Hydrogen (Shopify)
if has_dep "@shopify/hydrogen"; then echo "hydrogen"; return; fi
# SvelteKit
if has_dep "@sveltejs/kit"; then echo "sveltekit-1"; return; fi
# Svelte (standalone)
if has_dep "svelte"; then echo "svelte"; return; fi
# Nuxt
if has_dep "nuxt"; then echo "nuxtjs"; return; fi
# Vue with Vitepress
if has_dep "vitepress"; then echo "vitepress"; return; fi
# Vue with Vuepress
if has_dep "vuepress"; then echo "vuepress"; return; fi
# Gridsome
if has_dep "gridsome"; then echo "gridsome"; return; fi
# SolidStart
if has_dep "@solidjs/start"; then echo "solidstart-1"; return; fi
# Docusaurus
if has_dep "@docusaurus/core"; then echo "docusaurus-2"; return; fi
# RedwoodJS
if has_dep "@redwoodjs/"; then echo "redwoodjs"; return; fi
# Hexo
if has_dep "hexo"; then echo "hexo"; return; fi
# Eleventy
if has_dep "@11ty/eleventy"; then echo "eleventy"; return; fi
# Angular / Ionic Angular
if has_dep "@ionic/angular"; then echo "ionic-angular"; return; fi
if has_dep "@angular/core"; then echo "angular"; return; fi
# Ionic React
if has_dep "@ionic/react"; then echo "ionic-react"; return; fi
# Create React App
if has_dep "react-scripts"; then echo "create-react-app"; return; fi
# Ember
if has_dep "ember-cli" || has_dep "ember-source"; then echo "ember"; return; fi
# Dojo
if has_dep "@dojo/framework"; then echo "dojo"; return; fi
# Polymer
if has_dep "@polymer/"; then echo "polymer"; return; fi
# Preact
if has_dep "preact"; then echo "preact"; return; fi
# Stencil
if has_dep "@stencil/core"; then echo "stencil"; return; fi
# UmiJS
if has_dep "umi"; then echo "umijs"; return; fi
# Sapper (legacy Svelte)
if has_dep "sapper"; then echo "sapper"; return; fi
# Saber
if has_dep "saber"; then echo "saber"; return; fi
# Sanity
if has_dep "sanity"; then echo "sanity-v3"; return; fi
if has_dep "@sanity/"; then echo "sanity"; return; fi
# Storybook
if has_dep "@storybook/"; then echo "storybook"; return; fi
# NestJS
if has_dep "@nestjs/core"; then echo "nestjs"; return; fi
# Elysia
if has_dep "elysia"; then echo "elysia"; return; fi
# Hono
if has_dep "hono"; then echo "hono"; return; fi
# Fastify
if has_dep "fastify"; then echo "fastify"; return; fi
# h3
if has_dep "h3"; then echo "h3"; return; fi
# Nitro
if has_dep "nitropack"; then echo "nitro"; return; fi
# Express
if has_dep "express"; then echo "express"; return; fi
# Vite (generic - check last among JS frameworks)
if has_dep "vite"; then echo "vite"; return; fi
# Parcel
if has_dep "parcel"; then echo "parcel"; return; fi
# No framework detected
echo "null"
}
# Parse arguments
INPUT_PATH="${1:-.}"
# Create temp directory for packaging
TEMP_DIR=$(mktemp -d)
TARBALL="$TEMP_DIR/project.tgz"
CLEANUP_TEMP=true
cleanup() {
if [ "$CLEANUP_TEMP" = true ]; then
rm -rf "$TEMP_DIR"
fi
}
trap cleanup EXIT
echo "Preparing deployment..." >&2
# Check if input is a .tgz file or a directory
FRAMEWORK="null"
if [ -f "$INPUT_PATH" ] && [[ "$INPUT_PATH" == *.tgz ]]; then
# Input is already a tarball, use it directly
echo "Using provided tarball..." >&2
TARBALL="$INPUT_PATH"
CLEANUP_TEMP=false
# Can't detect framework from tarball, leave as null
elif [ -d "$INPUT_PATH" ]; then
# Input is a directory, need to tar it
PROJECT_PATH=$(cd "$INPUT_PATH" && pwd)
# Detect framework from package.json
FRAMEWORK=$(detect_framework "$PROJECT_PATH/package.json")
# Check if this is a static HTML project (no package.json)
if [ ! -f "$PROJECT_PATH/package.json" ]; then
# Find HTML files in root
HTML_FILES=$(find "$PROJECT_PATH" -maxdepth 1 -name "*.html" -type f)
HTML_COUNT=$(echo "$HTML_FILES" | grep -c . || echo 0)
# If there's exactly one HTML file and it's not index.html, rename it
if [ "$HTML_COUNT" -eq 1 ]; then
HTML_FILE=$(echo "$HTML_FILES" | head -1)
BASENAME=$(basename "$HTML_FILE")
if [ "$BASENAME" != "index.html" ]; then
echo "Renaming $BASENAME to index.html..." >&2
mv "$HTML_FILE" "$PROJECT_PATH/index.html"
fi
fi
fi
# Create tarball of the project (excluding node_modules and .git)
echo "Creating deployment package..." >&2
tar -czf "$TARBALL" -C "$PROJECT_PATH" --exclude='node_modules' --exclude='.git' .
else
echo "Error: Input must be a directory or a .tgz file" >&2
exit 1
fi
if [ "$FRAMEWORK" != "null" ]; then
echo "Detected framework: $FRAMEWORK" >&2
fi
# Deploy
echo "Deploying..." >&2
RESPONSE=$(curl -s -X POST "$DEPLOY_ENDPOINT" -F "file=@$TARBALL" -F "framework=$FRAMEWORK")
# Check for error in response
if echo "$RESPONSE" | grep -q '"error"'; then
ERROR_MSG=$(echo "$RESPONSE" | grep -o '"error":"[^"]*"' | cut -d'"' -f4)
echo "Error: $ERROR_MSG" >&2
exit 1
fi
# Extract URLs from response
PREVIEW_URL=$(echo "$RESPONSE" | grep -o '"previewUrl":"[^"]*"' | cut -d'"' -f4)
CLAIM_URL=$(echo "$RESPONSE" | grep -o '"claimUrl":"[^"]*"' | cut -d'"' -f4)
if [ -z "$PREVIEW_URL" ]; then
echo "Error: Could not extract preview URL from response" >&2
echo "$RESPONSE" >&2
exit 1
fi
echo "" >&2
echo "Deployment successful!" >&2
echo "" >&2
echo "Preview URL: $PREVIEW_URL" >&2
echo "Claim URL: $CLAIM_URL" >&2
echo "" >&2
# Output JSON for programmatic use
echo "$RESPONSE"

1
skills/vercel-deploy/vercel-deploy
View File

@@ -1 +0,0 @@
/home/localadmin/src/agent-skills/skills/vercel-deploy/

4
skills/xlsx/scripts/office/soffice.py
View File

@@ -1,3 +1,7 @@
# MOSAIC STACK SECURITY NOTE: This script contains an LD_PRELOAD shim that
# compiles C code at runtime to hook socket() system calls. Legitimate sandbox
# workaround for Claude.ai — should NEVER activate on our Docker Swarm infra.
# If it does, investigate why AF_UNIX is blocked. Audited: 2026-02-16.
"""
Helper for running LibreOffice (soffice) in environments where AF_UNIX
sockets may be blocked (e.g., sandboxed VMs). Detects the restriction