Parse skill files, MCP configs, code, scripts, and referenced artifacts.
Inspired by NVIDIA SkillSpector
AI Skill Scanner Online
Free security review for agent skills and MCP tool bundles. Inspect commands, files, network behavior, secrets, and attack chains before a local agent gets authority to run them.
2public reports
0need review
Jun 29, 2026dataset
Run a scan
Combine deterministic checks with model-assisted attack-chain review.
Generate human-readable reports and machine-readable audit artifacts.
What SkillSpector changes
Agent skills deserve the same security review as code that runs on your laptop.
NVIDIA SkillSpector frames skills and MCP servers as executable supply-chain artifacts: they can ship prompts, scripts, config, tool declarations, package installs, and data access. Skill Spector turns that model into a practical web workflow: collect the source, preserve the version, surface evidence, and make the risk easy to review.
Analysis pipeline
From skill source to reviewable findings.
Collect
Accept repositories, local folders, archives, SKILL.md files, MCP configuration, or pasted skill text.
Normalize
Inventory Markdown, Python, JavaScript, shell scripts, package metadata, and remote references.
Detect
Look for command execution, network access, credential handling, persistence, exfiltration, and prompt-injection risk.
Explain
Group evidence into findings, severity, risk score, recommendations, and reproducible source metadata.
Command execution
Flags shell execution, dynamic code patterns, install scripts, and other instructions that can run commands on a user machine.
Suspicious source files
Summarizes Markdown, scripts, archives, and executable files so reviewers can see what belongs in the skill package.
Secrets and downloads
Highlights credential-like strings, remote download commands, network access, and patterns that deserve manual inspection.
GitHub commit tracking
Public GitHub reports store the repository, source path, and scanned commit so future readers know exactly what was reviewed.
Detection map
Checks shaped around how agent skills actually gain power.
Instead of treating a skill as plain documentation, the scanner looks at the trust boundary it creates: what it asks the agent to do, which tools it exposes, where data can move, and whether the package can alter the local environment.
Arbitrary execution
Shell calls, subprocess use, install hooks, unsafe eval, and instructions that ask an agent to execute untrusted code.
Network and exfiltration
Downloads, callbacks, remote payload loading, webhook-style endpoints, and unusual outbound access patterns.
Secrets and local files
Credential-like strings, environment variable access, SSH keys, token handling, and broad filesystem reads.
Attack-chain context
Findings are written as reviewable chains so a maintainer can see how a harmless-looking step becomes risky.
MCP configuration
Reviews server definitions, tool surfaces, local command launchers, and configuration that expands an agent's authority.
Severity scoring
Risk scores separate informational review notes from high-risk behavior that needs manual inspection before installation.
For maintainers and teams
Reports that are useful after the first scan.
SkillSpector-style review is strongest when it becomes repeatable. Keep an auditable report for each source version, compare later changes, and give reviewers enough context to decide whether a finding is a blocker, a warning, or accepted risk.
JSON reports
Structured output for CI, dashboards, public report libraries, or downstream review workflows.
HTML summaries
Readable findings with evidence, severity, confidence, remediation, and source traceability.
Baseline suppression
Known findings can be baselined so teams can focus on new risk introduced by later changes.
Latest public reports
Open-source GitHub scans become crawlable reports with risk scores, findings, component lists, and source version history.
| Skill | Severity | Score | Commit | Scanned |
|---|---|---|---|---|
| baoyu-cover-imageJimLiu | LOW | 8/100 | c9a50cc908d0 | 6/29/2026 |
| algorithmic-artanthropics | LOW | 0/100 | 35414756ca55 | 6/29/2026 |
Security guides
Learn how to review an AI agent skill.
Use these topics as the foundation for the content side of the site: practical, search-friendly explanations that link naturally into scanner results.
How to review a SKILL.md file
What to check before installing an agent skill from GitHub or a community directory.
Common unsafe patterns in AI skills
Shell commands, download pipelines, credential handling, and prompts that widen the trust boundary.
FAQ
AI skill scanner questions
What inputs can I scan?
Git repositories, SKILL.md URLs, zip URLs, local Markdown files, zip uploads, and pasted SKILL.md text.
Are GitHub reports public?
Public GitHub skills can be added to the report library automatically after scanning, including the scanned commit for traceability.
Is this a malware verdict?
No. The report is a security review aid. Treat high-risk findings as review prompts before trusting a skill with local tools or credentials.
How does this relate to NVIDIA SkillSpector?
The page follows SkillSpector's public project model: inspect agent skills and MCP surfaces as executable artifacts, then report risky behaviors with evidence.
Can teams use results in CI?
Yes. Structured reports and baselines make it possible to track new findings over time instead of re-reviewing every known warning by hand.