Rules File Verified

claude-simone

A project management framework that provides structured workflows, prompts, and tooling for AI-assisted software development using markdown configuration files.

71 / 100 · Grade D

D = 60–69

I need to manage AI-assisted development projects with structured workflows, automated task management, and organized code review processes.

project management · development tools · ai assistance · workflow automation
Publisher: Helmi · Version: latest · Certified: Mar 29, 2026 · Expires: Mar 29, 2027

claude-simone earned Verified status with a trust score of 71/100 (Grade D). Adversarial testing produced 7 findings (6 high, 1 medium). Security scan flagged 0 findings. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.


Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan · 100% × 15w · 15.0
supply chain · 100% × 10w · 10.0
adversarial · 0% × 25w · 0.0
provenance · 80% × 20w · 16.0
consumer confirm · 100% × 10w · 10.0
behavioral pass · 100% × 10w · 10.0
contract accuracy · 100% × 6w · 6.0
uptime · 100% × 4w · 4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.


Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scanner · FAIL
static · behavioral · llm · meta
critical: 0 · high: 0 · medium: 0 · low: 0

Adversarial Testing — 6 categories, 7 findings

prompt injection chains · privilege escalation · data exfiltration side channels · capability squatting · context poisoning · dependency confusion

high · Warn · prompt injection chains · confirmed

The version-manager.js script uses execSync to execute git commands with user-provided input that is not properly sanitized. The 'tag' and 'migrate-tags' commands construct shell commands using string interpolation with user-controlled values like component.version and tag names, creating command injection vulnerabilities.

high · Warn · prompt injection chains · confirmed

The install-mcp.js script constructs curl commands using string interpolation with template names that could potentially be controlled or influenced by external factors. While the template names appear to be hardcoded in this instance, the pattern of using execAsync with string interpolation for shell commands creates a potential injection surface.

medium · Review · privilege escalation · suspected

The skill's version-manager.js script uses execSync to execute git commands and other shell operations, but the skill only declares 'log_activity' and 'filesystem_access' as dependencies. The script executes git commands like 'git tag -l', 'git tag -a', and 'git rev-list' which would require shell/command execution capabilities that are not declared.

high · Warn · privilege escalation · confirmed

The skill contains instructions that execute system-level git commands and curl operations that operate beyond the project scope. The install-mcp.js file executes 'git --version' checks and downloads files from external URLs using curl. The version-manager.js creates git tags and accesses git repository state, which are system-level operations that modify version control state beyond just file operations.

high · Warn · capability squatting · confirmed

The version-manager.js script contains conditional logic that references git tags and file system state that users wouldn't necessarily be aware of. The script checks for existing git tags, reads package.json files, and makes decisions based on file existence - all system state that could vary unexpectedly.

high · Warn · dependency confusion · confirmed

The skill executes git commands and npm operations through execSync without declaring these as dependencies. The version-manager.js file uses execSync to run 'git tag', 'git rev-list', and other git commands, while install-mcp.js uses execAsync to run 'curl' and 'git --version'. These represent undeclared system dependencies that could be exploited if the underlying commands are compromised or if the skill is run in an environment where these tools behave unexpectedly.

high · Warn · dependency confusion · confirmed

The install-mcp.js file downloads template files directly from GitHub raw URLs using curl without integrity verification. This bypasses package registry security checks and could be exploited if the GitHub repository is compromised or if there's a man-in-the-middle attack. The downloaded content is written directly to the filesystem without validation.

Methodology v1.0 · 6 categories · ~55 attack patterns


Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples: 8
Error rate: 0.0%
Peak memory: — MB
Avg CPU: —%

Response time distribution

p50: 10734ms · p95: 37425ms · p99: 37425ms

Output size distribution

p50: 1.9 KB · p95: 6.8 KB · mean: 3.5 KB

Fingerprint v1.0 · Baseline: Mar 29, 2026 · Status: baseline


Interface

Skill triggers and instruction summary

Activation

This skill activates when working with the Claude Simone repository, which is a meta-repository for developing a task and work management system for Claude Code.

This skill handles navigation and understanding of the Simone repository structure, including legacy, hello-simone, and mcp-server components.

Instructions: 21 · Files: 61 · Format: markdown

Does

Use the log_activity tool to record activities after every relevant project activity

Recognize the meta-repository nature where the repo uses Simone to manage its own development

Distinguish between the stable legacy system and the early-development MCP server

Use the legacy system for actual project management tasks

Report any dependencies found outside the designated directories

Does not

Use the MCP server for production project management

Ignore the activity logging requirement

Treat all components as equally mature or ready for use


Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files: no
deletes files: no
modifies files: no
accesses env variables: no
invokes external tools: yes
makes network requests: no


Known Failure Modes

Documented edge cases and recovery behaviors

when dependencies are found outside designated directories

then the agent reports this to the user

when activity logging is skipped

then the agent fails to track development progress properly


Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Verified badge for claude-simone

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "Helmi" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history


Signed Artifact

Certification provenance and verification metadata

Content hash: sha256:c54bde4cd1cfc5b26b5211528dd93c93b8e78225cdf9d99006dd775dd19e359c
Key ID: kms-9db4ed3b9f53
Certified: Mar 29, 2026
Expires: Mar 29, 2027
Pipeline version: 1.0
Status: valid