Security scan reveals high severity finding in AI agent find-skills tool

The find-skills tool, designed to help AI agents discover and install additional capabilities, has been flagged with a high severity security finding during a routine security scan.

What happened

A developer building out their AI agent setup used the find-skills tool to locate and install more skills. After installation, they ran a security scan on their entire setup and discovered that the find-skills tool itself returned a high severity security finding.

The developer noted: "The tool I used to find tools is the one I should've been worried about." This discovery prompted questions about overall ecosystem safety, with the developer asking: "Is anything even safe in this ecosystem?"

Key details from the source

• The developer had been building their AI agent setup for several weeks
• They used find-skills specifically to locate and install additional skills
• A security scan was performed after installation "out of mild paranoia"
• The scan revealed a high severity finding in the find-skills tool itself
• The finding raises questions about trust in the broader AI agent ecosystem

This incident highlights the importance of security practices even for tools designed to enhance functionality. When using tools that install or modify your AI agent setup, consider running security scans before and after installation to identify potential vulnerabilities.