Introduction
# Skill Security Scanner
Scan skills for malicious patterns before installation. Detects credential exfiltration, suspicious network calls, obfuscated code, prompt injection, and other red flags.
## Quick Start
```bash # Scan a local skill folder python3 scripts/scan.py /path/to/skill
# Verbose output (show matched lines) python3 scripts/scan.py /path/to/skill --verbose
# JSON output (for automation) python3 scripts/scan.py /path/to/skill --json ```
## Workflow: Scan Before Install
1. Download or locate the skill folder 2. Run `python3 scripts/scan.py <skill-path> --verbose` 3. Review findings by severity (CRITICAL/HIGH = do not install) 4. Report results to user with recommendation
## Score Interpretation
| Score | Meaning | Recommendation | |-------|---------|----------------| | CLEAN | No issues found | Safe to install | | INFO | Minor notes only | Safe to install | | REVIEW | Medium-severity findings | Review manually before installing | | SUSPICIOUS | High-severity findings | Do NOT install without thorough manual review | | DANGEROUS | Critical findings detected | Do NOT install — likely malicious |
## Exit Codes
- `0` = CLEAN/INFO - `1` = REVIEW - `2` = SUSPICIOUS - `3` = DANGEROUS
## Rules Reference
See `references/rules.md` for full list of detection rules, severity levels, and whitelisted domains.
## Limitations
- Pattern-based detection — cannot catch all obfuscation techniques - No runtime analysis — only static scanning - False positives possible for legitimate tools that access network/files - Always combine with manual review for HIGH/MEDIUM findings