skill-scanner

skill-scanner

AI Agent skill security scanner that detects injections and malicious code.

Agent SkillDevOpen source
Type
Agent Skill
Open source
Yes
GitHub Stars
★ 2.2k
Source
skill-github

Overview

Skill Scanner is a security scanning tool for AI Agent skills, capable of detecting prompt injection, data leakage, and malicious code patterns. It combines pattern-based detection (YAML + YARA), LLM as a judgment engine, and behavioral data flow analysis to maximize threat detection coverage while minimizing false positives. Supports OpenAI Codex Skills and Cursor Agent Skills formats, and can be extended with a plugin architecture for custom analyzers. Ideal for developers and teams requiring security reviews of AI skills.

Capabilities

  • Detect prompt injection
  • Detect data leakage
  • Detect malicious code patterns
  • Multi-engine detection
  • False positive filtering
  • CI/CD integration

Use cases

AI skill security reviewSecurity checks in continuous integrationPre-commit hook scanningCustom rule extension

Setup

Requires: Python 3.10+API Key
Using uv (recommended): `uv pip install cisco-ai-skill-scanner` or using pip: `pip install cisco-ai-skill-scanner`

This information was compiled by AI from public sources and may contain inaccuracies — please refer to the source.

FAQ

Does a clean scan result mean the skill is secure?

No, it means no known threats were detected, but absolute security cannot be guaranteed.

How to handle false positives and false negatives?

Adjust scanning strategies to balance between false positives and false negatives.

Related skills