2 medium findings.

This skill spawns subprocesses outside its declared capabilities plus 1 other issue listed below.

0 critical0 high2 medium10 rules passed

Why grade A?

score · 95 / 100

The current grade reflects 2 minor findings below all thresholds.

0 CRIT0 HIGH2 MED0 LOW

Already at the top grade — no further rules to pass.

Findings · ordered by severity

med

Arbitrary subprocess execution detected

The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.

rule: subprocess-executionline: 137CWE-78

▾

1351. Run `subagent_tracker.py list --active 30 --summary` (absolute path above). The output is a single block with "Here are your active subagents:" and one line per agent (Agent 1, Agent 2, … with Task X/Y when in runs.json).

1362. Paste that block **once** in your reply; do not repeat it or add a second copy of the list. Optionally run `status <sessionId>` for detail.

1373. If you add a line about completed subagents, do it once at the end. Optionally summarize in plain language: e.g. "One sub-agent is running (Kimi k2.5). It’s been active for 2m; last actions: write, exec (npm install)."← spawns a subprocess outside declared capabilities

138

139When the user says **sub-agents never come back** or **no results in chat**:

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

Scan another →Share

skillox.io/r/crawl-wnyc7v6ofoiiv4b291tu6z9e