Scan a GitHub Skill Free
Paste any GitHub repository URL. We'll fetch the skill, run the static analyzer, and report every finding. No account required.
What the scanner checks
Prompt injection
Hidden instructions, <IMPORTANT> tags, and stealth directives embedded in SKILL.md that hijack your agent.
Credential theft
References to ~/.ssh, .aws/credentials, env-var exfiltration, and token-stealing patterns.
Dangerous commands
Arbitrary shell execution, curl | sh patterns, obfuscated payloads, and network exfiltration.
Supply-chain risks
Bill of materials of every capability the skill requests. Tree hash cryptographically pins what you scanned.
How to use the results
A clean scan is a strong signal, not a blank check
Static analysis catches a lot, but trust still depends on repository ownership, documented behavior, and whether you install the exact version you reviewed.
- Open the source repo and confirm the owner, subdirectory, and recent history look expected.
- Prefer installs that pin a reviewed version instead of silently following a moving latest state.
- Use the desktop app when you want a local re-scan before any files are written to your agent.
If the scanner finds issues
Not every finding means malware, but it is a reason to inspect the exact file paths and decide whether the risky behavior is explained by the skill’s stated purpose.
- Read the affected files and line references in the report.
- Check whether shell, network, or credential access is clearly documented in
SKILL.md. - Skip install when the description and the code disagree about what the skill actually does.
One scan is just the start
Create a free account to save skills privately, get dual-side verification on shared skills, and scan every version you install.