I’m Christopher Lusk, an independent security researcher. I build open-source security tooling and dig into vulnerabilities I find along the way. When something is worth sharing, I write about it here.

Projects

  • Fluxgate — Static analyzer for GitHub Actions workflows. Detects the vulnerability class that enabled the Trivy supply chain compromise.
  • WAINGRO — AI agent skill security scanner. Static analysis tool that detects malicious patterns in skill files written in the OpenClaw/Agent Skills format. Used to audit 30,000+ skills on ClawHub.
  • REAPER — RHEL Exploitation Audit for Privileged Endpoint Resources.
  • 21csim — Monte Carlo counterfactual simulator for 21st-century world history (2000-2100).

Contact

Disclosure Policy

To report a vulnerability in software I maintain, email the address above; good-faith research conducted under coordinated disclosure norms will not be met with legal action from me.

If I’ve contacted you about a vulnerability, see the Fluxgate disclosure protocol for timelines and process.