SkillsGuard - Static Security Scanner for AI Agent Skill Packages

SkillsGuard is a static security scanner that detects malicious AI agent skill packages (SKILL.md files and bundled scripts) before they execute. With 151 regex-based detection rules across 15 categories—including prompt injection, command injection, exfiltration, and obfuscation—it decodes base64, hex, and URL-encoded payloads recursively to uncover hidden threats. It offers a CLI, MCP server integration for Claude, pre-commit hooks, a free cloud API, and outputs JSON or SARIF for CI/CD pipelines, all with zero runtime dependencies beyond Node.js. 

https://github.com/Teycir/SkillsGuard