Skill Scanner
Overview
Open-source security scanner for agent skills to detect prompt injection, data exfiltration, and malicious code patterns with SARIF output.
Best For Professions:
Skill Scanner is an open-source security scanner for AI agent skills that helps developers and security teams assess whether a skill is safe to use. It detects threats such as prompt injection, data exfiltration attempts, and malicious code patterns by combining multiple analysis engines, including pattern-based detection (YAML + YARA), behavioral dataflow analysis, and LLM-assisted semantic review. It is designed for CI/CD usage and supports SARIF output for GitHub Code Scanning, enabling automated gating and actionable reports with file locations, severity, and remediation guidance. The project supports skill formats such as OpenAI Codex Skills and Cursor Agent Skills that follow the Agent Skills specification.
Autonomy level
50%
Comparisons
Custom Comparisons
Some of the use cases of Skill Scanner:
- Scanning agent skill packages for prompt injection and data exfiltration patterns before adoption.
- Adding supply-chain security checks for agent skills in CI/CD using SARIF and exit codes.
- Detecting suspicious behaviors via dataflow analysis in skill code and configurations.
- Creating and extending custom analyzers and detection rules through a plugin architecture.
Loading Community Opinions...