skill-scanner
Skill Security Scanner
Scan agent skills for security issues before adoption. Detects prompt injection, malicious code, excessive permissions, secret exposure, and supply chain risks.
Important: Run all scripts from the repository root using the full path via ${CLAUDE_SKILL_ROOT}.
Bundled Script
scripts/scan_skill.py
Static analysis scanner that detects deterministic patterns. Outputs structured JSON.
uv run ${CLAUDE_SKILL_ROOT}/scripts/scan_skill.py <skill-directory>
Returns JSON with findings, URLs, structure info, and severity counts. The script catches patterns mechanically — your job is to evaluate intent and filter false positives.
Workflow
More from getsentry/sentry-javascript
fix-security-vulnerability
Analyze and propose fixes for Dependabot security alerts
12skill-creator
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, edit, or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
11triage-issue
Triage GitHub issues with codebase research and actionable recommendations
10e2e
Run E2E tests for Sentry JavaScript SDK test applications
9release
Publish a new Sentry JavaScript SDK release. Use when preparing a release, updating the changelog, or creating a release branch.
9dotagents
Manage agent skill dependencies with dotagents. Use when asked to "add a skill", "install skills", "remove a skill", "update skills", "dotagents init", "agents.toml", "agents.lock", "sync skills", "list skills", "set up dotagents", "configure trust", "add MCP server", "add hook", "wildcard skills", "user scope", or any dotagents-related task.
9