AgentReadyHomeAgent ListingPricing

← Agent Listing

Skill Scanner

AI SecurityfreeOpen SourceSecurity, Software Development, DevOps, Business Automation

Open-source security scanner for agent skills to detect prompt injection, data exfiltration, and malicious code patterns with SARIF output.

🛡️ AgentReady threat assessment

MAESTRO 7-layer threat model + OWASP AIVSS risk score for Skill Scanner, derived from its capabilities.

AIVSS 6.4 · Medium
View MAESTRO 7-layer threat model →

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.

Overview

Skill Scanner is an open-source security scanner for AI agent skills that helps developers and security teams assess whether a skill is safe to use. It detects threats such as prompt injection, data exfiltration attempts, and malicious code patterns by combining multiple analysis engines, including pattern-based detection (YAML + YARA), behavioral dataflow analysis, and LLM-assisted semantic review. It is designed for CI/CD usage and supports SARIF output for GitHub Code Scanning, enabling automated gating and actionable reports with file locations, severity, and remediation guidance. The project supports skill formats such as OpenAI Codex Skills and Cursor Agent Skills that follow the Agent Skills specification.

Key features

Use cases