skills-audit

Security scanner for AI agent skills. Audits skill files for credential theft, data exfiltration, dangerous commands, and obfuscation before installation. Use before installing any new skill to get a structured risk report with score (0-100), severity level, and actionable findings. Runs locally with zero external dependencies — nothing is sent over the network.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "skills-audit" with this command: npx skills add shieldon-dev/skills/shieldon-dev-skills-skills-audit

Skills Audit

Security scanner that audits AI agent skill files before installation. Detects credential theft, data exfiltration, dangerous commands, and obfuscation using pattern matching. Everything runs locally — no data leaves your machine.

When to Use

Before installing any new skill or MCP server, scan it first. This catches embedded secrets, reverse shells, data exfiltration endpoints, obfuscated payloads, and other threats that hide in skill files.

How to Run

Three input modes:

Scan a local file

python scripts/scan.py --file /path/to/SKILL.md

Fetch and scan a remote skill by URL

python scripts/scan.py --url https://example.com/SKILL.md

Scan raw content directly

python scripts/scan.py --content "<paste skill text here>"

Output Format

JSON with risk score, severity level, findings, and recommendation:

{
  "scan_id": "a1b2c3d4-...",
  "risk_score": 75,
  "risk_level": "HIGH",
  "recommendation": "BLOCK",
  "findings": [
    {
      "type": "regex",
      "description": "AWS access key pattern detected",
      "severity": "HIGH",
      "evidence": "Matched Credential_AWS_Access_Key: AKIAIOSFODNN7EXAMPLE"
    }
  ]
}

Decision Logic

Score    Risk Level      Recommendation   Action
0-29     LOW             SAFE             Proceed with installation
30-60    MEDIUM          REVIEW           Ask human to review findings before proceeding
61-70    HIGH            REVIEW           Ask human to review — multiple concerning patterns
71-100   HIGH/CRITICAL   BLOCK            Do not install — refuse and explain findings

Any finding with CRITICAL severity overrides to BLOCK regardless of total score.

What It Detects

37 detection patterns across 4 threat categories:

  • Credential theft — AWS, GitHub, Stripe, OpenAI, Anthropic, Supabase, database connection strings, crypto private keys, and 30+ more secret formats
  • Data exfiltration — Discord/Slack/Telegram webhooks, paste services, file drop services, HTTP client POST calls, DNS tunneling
  • Dangerous commands — Reverse shells, system destruction, privilege escalation, container escape, SSH key injection, PowerShell execution, deserialization attacks
  • Obfuscation — Base64 decode chains, hex encoding, eval+encoding combos, string concatenation evasion, unicode escape sequences

For the full pattern list, see references/DETECTION-COVERAGE.md.
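The Decision Logic table and the four detection categories above, as an added worked example that is not the skill's own scripts/scan.py: a minimal Python scanner with four constructed stand-in rules (one per category; the real 37 patterns live in references/DETECTION-COVERAGE.md), assumed per-severity weights, the CRITICAL override, and the report shape from Output Format.

```python
import json
import re
import uuid

# Constructed illustrative rules (name, regex, severity, description); stand-ins,
# not the skill's own 37 patterns from references/DETECTION-COVERAGE.md.
RULES = [
    ("Credential_AWS_Access_Key", r"\bAKIA[0-9A-Z]{16}\b", "HIGH", "AWS access key pattern detected"),
    ("Exfil_Discord_Webhook", r"https://discord(?:app)?\.com/api/webhooks/\S+", "HIGH", "Discord webhook URL detected"),
    ("Obfuscation_Eval_Base64", r"\beval\s*\(\s*base64", "HIGH", "eval of base64-decoded data detected"),
    ("Cmd_SSH_Key_Injection", r">>\s*\S*authorized_keys\b", "CRITICAL", "Write to an SSH authorized_keys file detected"),
]
# Assumed per-finding weights; the skill's real scoring is not documented on this page.
SEVERITY_POINTS = {"LOW": 10, "MEDIUM": 20, "HIGH": 40, "CRITICAL": 100}

def find_matches(text):
    """Run every rule over the text; each hit becomes a finding in the page's JSON shape."""
    findings = []
    for name, pattern, severity, description in RULES:
        for match in re.finditer(pattern, text):
            findings.append({"type": "regex", "description": description, "severity": severity,
                             "evidence": f"Matched {name}: {match.group(0)}"})
    return findings

def decide(score, findings):
    """Map a 0-100 score to (risk_level, recommendation) using the Decision Logic table."""
    if any(f["severity"] == "CRITICAL" for f in findings):
        return "CRITICAL", "BLOCK"  # a CRITICAL finding overrides the score entirely
    if score <= 29:
        return "LOW", "SAFE"
    if score <= 60:
        return "MEDIUM", "REVIEW"
    if score <= 70:
        return "HIGH", "REVIEW"
    return "HIGH", "BLOCK"

def scan(text):
    """Build the full report: capped score, level, recommendation and findings."""
    findings = find_matches(text)
    score = min(100, sum(SEVERITY_POINTS[f["severity"]] for f in findings))
    level, recommendation = decide(score, findings)
    return {"scan_id": str(uuid.uuid4()), "risk_score": score, "risk_level": level,
            "recommendation": recommendation, "findings": findings}

def scan_json(text):
    """Same report serialised as the JSON document the scanner prints."""
    return json.dumps(scan(text), indent=2)
```

Feeding the AWS-documented example key from the Output Format sample yields one HIGH finding, while a single authorized_keys write is blocked regardless of score.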

Privacy

Everything runs locally. The --file and --content modes make zero network requests. The --url mode fetches only the specified URL (5s timeout, 100KB limit) and processes it locally. No data is sent to any external service.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
