sigil-scan

Sigil Security Scanner

Sigil provides eight-phase security analysis purpose-built for AI agent code. It detects install hooks, dangerous code patterns, network exfiltration, credential access, obfuscation, provenance issues, prompt injection attacks, and AI skill security threats.

When to Activate

Invoke this skill in ANY of these situations:

  • Before cloning any repository with git clone
  • Before installing any package with pip install or npm install
  • When the user asks to "scan", "audit", "check", or "review" code
  • When the user asks "is this safe?" or "is this malicious?"
  • When reviewing MCP server configurations
  • When the user mentions supply chain security, dependency auditing, or code safety
  • When any unfamiliar repo, package, or skill is about to be used

Setup

Before first use, verify the Sigil CLI binary is installed:

Installs: 17 | GitHub Stars: 1 | First Seen: Mar 23, 2026