skillspector

We have hosted the application skillspector in order to run this application in our online workstations with Wine or directly.

Quick description about skillspector:

SkillSpector is a security scanner built to evaluate AI agent skills before they are installed or trusted. It helps teams inspect skills used by tools such as Claude Code, Codex CLI, and Gemini CLI. The project focuses on detecting vulnerabilities, malicious behavior, and risky patterns that may be hidden inside skill files. It combines fast static checks with optional LLM-based semantic review for issues that require deeper intent analysis. It supports several input types, including Git repositories, URLs, zip files, folders, and individual files. It also produces practical reports with risk scores, severity labels, and recommendations that make security reviews easier to act on.

Features:

• Scans Git repositories, URLs, zip files, folders, and single files
• Detects 64 vulnerability patterns across 16 categories
• Checks for prompt injection, data exfiltration, privilege escalation, and supply chain risks
• Supports static analysis with optional LLM semantic evaluation
• Exports terminal, JSON, Markdown, and SARIF reports
• Provides a 0–100 risk score with severity labels and recommendations

Programming Language: Python.
Categories: