Skills

skill-scanner

Installation
SKILL.md
Contains Shell Commands

This skill contains shell command directives (!`command`) that may execute system commands. Review carefully before installing.

Skill Security Scanner

Scan agent skills for security issues before adoption. Detects prompt injection, malicious code, excessive permissions, secret exposure, and supply chain risks.

Requires: The uv CLI for python package management, install guide at https://docs.astral.sh/uv/getting-started/installation/

Important: Run all scripts from the repository root. Script paths like scripts/scan_skill.py are relative to this skill's root directory (the directory containing this SKILL.md), not relative to the target repository.

Bundled Script

scripts/scan_skill.py

Static analysis scanner that detects deterministic patterns. Outputs structured JSON.

uv run scripts/scan_skill.py <skill-directory>

Returns JSON with findings, URLs, structure info, and severity counts. The script catches patterns mechanically — your job is to evaluate intent and filter false positives.

Installs
1.8K
Repository
getsentry/skills
GitHub Stars
827
First Seen
Feb 11, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
skill-scanner — getsentry/skills