
Skill Scanner
Open-source security scanner for agent skills to detect prompt injection, data exfiltration, and malicious code patterns with SARIF output.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Skill Scanner, derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
Skill Scanner is an open-source security scanner for AI agent skills that helps developers and security teams assess whether a skill is safe to use. It detects threats such as prompt injection, data exfiltration attempts, and malicious code patterns by combining multiple analysis engines, including pattern-based detection (YAML + YARA), behavioral dataflow analysis, and LLM-assisted semantic review. It is designed for CI/CD usage and supports SARIF output for GitHub Code Scanning, enabling automated gating and actionable reports with file locations, severity, and remediation guidance. The project supports skill formats such as OpenAI Codex Skills and Cursor Agent Skills that follow the Agent Skills specification.
Key features
- agent skill scanning
- prompt injection detection
- data exfiltration detection
- YARA rules
- static analysis
- dataflow analysis
- SARIF reports
- GitHub code scanning
- supply chain security
- plugin architecture
Use cases
- Scanning agent skill packages for prompt injection and data exfiltration patterns before adoption.
- Adding supply-chain security checks for agent skills in CI/CD using SARIF and exit codes.
- Detecting suspicious behaviors via dataflow analysis in skill code and configurations.
- Creating and extending custom analyzers and detection rules through a plugin architecture.