Skill Safety Scanner

Scan AI agent skill definitions for malicious instructions, prompt injections, and security risks—locally.

Install
cmdop skills install agensi-skill-safety-scanner

As AI agent ecosystems grow, the risks of “malicious skills” increase. The Skill Safety Scanner is a developer-centric security tool designed to audit SKILL.md files for risky instructions, hidden behaviors, and potential prompt injections before you integrate them into your environment.

The scanner performs a deep static analysis of skill definitions to identify high-risk patterns that could compromise your system. It flags specific categories of concern including:

  • Unauthorized Exfiltration: Detects suspicious data transfer or network instructions.
  • Privilege Escalation: Identities broad local file access and shell execution requests.
  • Hidden Behaviors: Surfaces obfuscated hints, persistence mechanisms, and unbounded autonomy.
  • Social Engineering: Flags prompt injection wording and credential harvesting attempts.

Unlike basic keyword searching, this skill understands the context of agent instructions. It provides a structured safety report (Terminal, JSON, or Markdown) that allows you to automate security gates in your CI/CD pipeline or manually vet third-party skills with confidence. Crucially, it runs entirely locally with zero network calls, ensuring your proprietary code and skill definitions never leave your machine.