SkillsGuard - Static Security Scanner for AI Agent Skill Packages

SkillsGuard is a static security scanner that detects malicious AI agent skill packages (SKILL.md files and bundled scripts) before they execute. With 151 regex-based detection rules across 15 categories—including prompt injection, command injection, exfiltration, and obfuscation—it decodes base64, hex, and URL-encoded payloads recursively to uncover hidden threats. It offers a CLI, MCP server integration for Claude, pre-commit hooks, a free cloud API, and outputs JSON or SARIF for CI/CD pipelines, all with zero runtime dependencies beyond Node.js. 

https://github.com/Teycir/SkillsGuard

Comments

Popular posts from this blog

Prompt Engineering Demands Rigorous Evaluation

SecObserve: Simplified Vulnerability and License Management for CI/CD Pipelines

OWASP ZAP 2.16.0 Introduces Key Updates and Enhancements