Download
SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git repositories, URLs, zip files, folders, and individual files. It also produces practical reports with risk scores, severity labels, and recommendations that make security reviews easier to act on.
Features
- Scans Git repositories, URLs, zip files, folders, and single files
- Detects 64 vulnerability patterns across 16 categories
- Checks for prompt injection, data exfiltration, privilege escalation, and supply chain risks
- Supports static analysis with optional LLM semantic evaluation
- Exports terminal, JSON, Markdown, and SARIF reports
- Provides a 0–100 risk score with severity labels and recommendations
Project Samples
Categories
SecurityLicense
Apache License V2.0Follow SkillSpector
Other Useful Business Software
$300 Free Credits to Build on Google Cloud
Start your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of SkillSpector!
