Agent-Skills.md

Agent Skills: Filesystem Security

Filesystem Security security skill

UncategorizedID: mgreenly/ikigai/security/filesystem

Repository

mgreenly/ikigai
mgreenlyLicense: MIT-0
1

Install this agent skill to your local

pnpm dlx add-skill https://github.com/mgreenly/ikigai/tree/HEAD/.claude/library/security/filesystem

Skill Files

Browse the full folder contents for security/filesystem.

Download Skill

Loading file tree…

.claude/library/security/filesystem/SKILL.md

Skill Metadata

Name
security/filesystem
Description
Filesystem Security security skill

Filesystem Security

File operations have race conditions, symlink attacks, and path traversal risks.

ikigai Application

Path traversal:

  • Reject paths containing .. before canonicalization
  • Use realpath() and verify result is under allowed directory
  • Never concatenate user input directly into paths

TOCTOU (Time-of-Check to Time-of-Use):

// BAD: Race between check and use
if (access(path, R_OK) == 0) { fd = open(path, O_RDONLY); }

// GOOD: Open first, then check
fd = open(path, O_RDONLY);
if (fd >= 0) { /* use fd */ }

Symlink attacks:

  • Use O_NOFOLLOW when opening files in shared directories
  • lstat() to check for symlinks before operations
  • Create temp files with mkstemp(), never mktemp()

Permissions:

  • Config files: 0600 (owner read/write only)
  • Directories: 0700
  • Check permissions before reading sensitive files
  • Set umask appropriately: umask(077)

Review red flags: access() before open(), path concatenation, missing O_NOFOLLOW, world-readable configs.