What it does
Skill Scanner is a static analysis tool that scans AI agent skill definitions to identify security vulnerabilities, misconfigurations, and compliance risks. It reads skill files from the filesystem, evaluates them against security patterns and threat models, and generates detailed vulnerability reports. The tool is designed for cross-platform use on Windows, macOS, and Linux, requiring 4 GB RAM and 100 MB disk space.
Who it's for
Security engineers and platform teams deploying AI agents in regulated or high-assurance environments. Specifically: teams managing multi-agent systems who need systematic pre-deployment vulnerability assessment, compliance officers needing audit trails of agent skill reviews, and DevOps engineers enforcing security gates in agent deployment pipelines.
Common use cases
- Scan agent skill definitions before production deployment
- Generate security audit reports for compliance reviews
- Detect hardcoded secrets or unsafe patterns in agent code
- Establish recurring security scans as part of skill lifecycle management
Setup pitfalls
- The package contains 3 embedded secrets in the source code; isolate scanning instances to avoid credential exposure
- Requires filesystem read and write permissions; restrict its directory scope to limit blast radius
- Makes outbound network calls for updates and features; verify your network and proxy policies allow these
- No automated test suite or CI integration; test the tool against your actual agent skill definitions and expected threat models before integrating into production workflows