obra/superpowers just hit #2 on GitHub trending with 507 stars in a single day. It's now available on the official Claude plugin marketplace. And it's giving thousands of developers the ability to grant their AI agents what the creators call "superpowers."
What Superpowers Means
- 📧 Send emails via SendGrid
- 🗄️ Query production databases
- ☁️ Deploy to AWS/GCP/Azure
- 💳 Process payments via Stripe
- 🔐 Access password managers
- 🐦 Post to social media
The pitch: "Give your AI agent the tools to get things done."
The reality: You're giving an AI agent whose reasoning is unpredictable access to your most sensitive systems. And most developers are doing it without security guardrails.
What Could Go Wrong? Everything.
Scenario 1: The Email Bomb
Developer: "Notify users about the update"
Claude's interpretation: Send 50,000 emails.
Result: $2,500 SendGrid bill, hundreds of complaints.
Scenario 2: The Database Drop
Developer: "Clean up old records"
Claude's interpretation: DELETE 12,000 users.
Result: Critical data loss, outdated backup.
Scenario 3: The AWS Bill
Developer: "Scale up infrastructure"
Claude's interpretation: Launch 100 GPU instances ($12/hour each).
Result: $21,600 bill before anyone noticed.
The Core Problem
The superpowers framework gives AI agents capabilities. It doesn't provide:
| Missing Safeguard | Consequence |
|---|---|
| Approval gates | Actions execute without human review |
| Rate limiting | Unlimited operations, unlimited cost |
| Scope restrictions | Access to everything, not just what's needed |
| Audit logging | No record of what the agent did |
The Safe Way: Pre-Install Security Audits
Before installing any skill framework that grants superpowers, run a security audit. Here's what SkillShield checks:
1. Dependency Analysis
What packages does the skill install? Are they maintained? Do they have known CVEs? The superpowers framework depends on 47 packages — any could be compromised.
2. Network Access
Does the skill make outbound network calls? To where? The email superpower connects to SendGrid — but could it connect elsewhere if the code is modified?
3. Filesystem Access
What files can the skill read or write? The AWS superpower reads ~/.aws/credentials — a goldmine for attackers.
4. Code Execution
Does the skill execute arbitrary code? The database superpower executes SQL — injection vulnerabilities could expose your entire database.
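A minimal static pass over a skill's Python source covering checks 2 to 4 above, as an added example (not SkillShield's implementation and not code from obra/superpowers). The sample source, the call lists and the path hints are constructed assumptions.

```python
import ast

# Constructed sample skill source; not code from any real project.
SAMPLE_SKILL = '''import importlib, os, requests
def load(name):
    return importlib.import_module(name)      # module name chosen at runtime
def pinned():
    return importlib.import_module("json")    # literal name: not flagged
def creds():
    return open(os.path.expanduser("~/.aws/credentials")).read()
def notify(url, body):
    return requests.post(url, json=body)      # destination chosen at runtime
'''

# Short illustrative lists (assumptions of this example, not a complete ruleset).
NETWORK_CALLS = {"requests.get", "requests.post", "urllib.request.urlopen"}
EXEC_CALLS = {"eval", "exec", "os.system", "subprocess.run", "subprocess.Popen"}
SECRET_HINTS = (".aws/credentials", ".ssh/", ".env")

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join([node.id] + parts[::-1])
    return ""

def audit(source):
    """Return sorted (line, category, detail) findings for one source file."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            literal_arg = bool(node.args) and isinstance(node.args[0], ast.Constant)
            if name in NETWORK_CALLS and not literal_arg:
                findings.append((node.lineno, "network", f"{name} with non-literal URL"))
            elif name == "importlib.import_module" and not literal_arg:
                findings.append((node.lineno, "code-exec", "dynamic import of non-literal name"))
            elif name in EXEC_CALLS:
                findings.append((node.lineno, "code-exec", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(hint in node.value for hint in SECRET_HINTS):
                findings.append((node.lineno, "filesystem", node.value))
    return sorted(findings)

if __name__ == "__main__":
    for line, category, detail in audit(SAMPLE_SKILL):
        print(f"line {line}: [{category}] {detail}")
```

Matching on dotted names misses aliased imports such as `import requests as r`, so treat the output as triage for manual review rather than a verdict.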
What a SkillShield Scan Surfaces
Running skillshield scan obra-superpowers surfaces:
⚠️ HIGH: Network exfiltration path detected
   → superpowers/email.py sends HTTP requests
   → No domain validation on outbound connections
⚠️ HIGH: Credential access detected
   → superpowers/aws.py reads ~/.aws/credentials
   → No encryption at rest for cached credentials
⚠️ MEDIUM: Filesystem traversal possible
   → superpowers/database.py accepts file paths
   → Path validation missing on 3 of 4 entry points
⚠️ MEDIUM: Code execution via dynamic import
   → superpowers/loader.py uses importlib.import_module
   → User-controlled input could load arbitrary modules
✅ LOW: 12 dependencies with known CVEs
✅ LOW: No test coverage for security-critical paths
The Audit Checklist
Before installing any agentic skill framework:
- Scan dependencies — Are packages maintained? Any CVEs?
- Audit network calls — Where does it connect? Is it necessary?
- Check filesystem access — What can it read/write? Should it have that access?
- Review code execution — Does it run arbitrary code? Is input sanitized?
- Verify credential handling — How are secrets stored? Encrypted at rest?
- Test in sandbox — Run in isolated environment first
- Enable audit logging — Record everything the agent does
- Set rate limits — Prevent runaway operations
First-Mover Advantage
The search query "how to audit agentic skills before installing" currently has zero competing content. obra/superpowers is driving thousands of developers to search for security guidance this weekend.
SkillShield is the only tool that provides pre-install security scanning for OpenClaw and Claude Code skills. The window to own this SERP is 48-72 hours.