Scan agent skills for security issues before adoption. Detects prompt injection, malicious code, excessive permissions, secret exposure, and supply chain risks.
# Skill Security Scanner
Scan agent skills for security issues before adoption. Detects prompt injection, malicious code, excessive permissions, secret exposure, and supply chain risks.
**Important**: Run all scripts from the repository root using the full path via `${CLAUDE_SKILL_ROOT}`.
## Bundled Script
### `scripts/scan_skill.py`
Static analysis scanner that detects deterministic patterns. Outputs structured JSON.
```bash
uv run ${CLAUDE_SKILL_ROOT}/scripts/scan_skill.py <skill-directory>
```
Returns JSON with findings, URLs, structure info, and severity counts. The script catches patterns mechanically — your job is to evaluate intent and filter false positives.
## Workflow
### Phase 1: Input & Discovery
Determine the scan target:
- If the user provides a skill directory path, use it directlySign in to view the full prompt.
Sign In