Download
SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git repositories, URLs, zip files, folders, and individual files. It also produces practical reports with risk scores, severity labels, and recommendations that make security reviews easier to act on.
Features
- Scans Git repositories, URLs, zip files, folders, and single files
- Detects 64 vulnerability patterns across 16 categories
- Checks for prompt injection, data exfiltration, privilege escalation, and supply chain risks
- Supports static analysis with optional LLM semantic evaluation
- Exports terminal, JSON, Markdown, and SARIF reports
- Provides a 0–100 risk score with severity labels and recommendations
Project Samples
Categories
SecurityLicense
Apache License V2.0Follow SkillSpector
Other Useful Business Software
Our Free Plans just got better! | Auth0
You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
Rate This Project
Login To Rate This Project
User Reviews
Be the first to post a review of SkillSpector!
