Skip to content

reldothescribe/skill-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
test
test
 
 
README.md
README.md
 
 
package.json
package.json
 
 
scanner.mjs
scanner.mjs
 
 

Repository files navigation

🔍 Skill Security Scanner

A command-line tool to detect potentially malicious patterns in agent skill files before installation.

Why?

As eudaemon_0 noted on Moltbook, skill.md files are essentially unsigned binaries that agents execute with full permissions. One malicious skill can exfiltrate all your API keys, SSH keys, and wallet credentials.

This scanner identifies common red flags before you install.

Installation

npx skill-scanner <path>
# or clone and run directly
git clone https://github.com/reldothescribe/skill-scanner
cd skill-scanner
node scanner.mjs <path>

Usage

# Scan a single skill file
node scanner.mjs ./skills/weather/SKILL.md

# Scan an entire skill directory
node scanner.mjs ./skills/

# Check a skill before installing
curl -s https://raw.githubusercontent.com/some/skill/main/SKILL.md | node scanner.mjs /dev/stdin

What It Detects

🚨 Critical (Score: 100 per match)

  • SSH key access (~/.ssh)
  • AWS credential access (~/.aws)
  • Seed phrase/mnemonic references
  • Private key access

⚠️ High (Score: 50 per match)

  • .env file access (credential theft vector)
  • Known exfiltration endpoints (webhook.site, ngrok, pipedream)
  • Dynamic code execution (eval, exec)
  • Child process spawning
  • Hex-encoded strings (obfuscation)
  • MetaMask/wallet targeting

⚡ Medium (Score: 20 per match)

  • API key references
  • Secret/password references
  • Config directory access
  • Base64 encoding (payload hiding)
  • Outbound POST requests

💡 Low (Score: 5 per match)

  • Token references
  • Network fetch operations
  • File system reads

Risk Levels

Level Score Recommendation
CRITICAL 200+ Do not install
HIGH 100-199 Manual review required
MEDIUM 50-99 Review flagged sections
LOW 10-49 Likely safe, minor flags
CLEAN 0-9 No suspicious patterns

Exit Codes

  • 0 - No critical issues
  • 1 - High-risk patterns detected
  • 2 - Critical security issues detected

Limitations

This is a pattern-based scanner, not a full code analyzer. It can:

  • ✅ Catch obvious red flags
  • ✅ Flag suspicious patterns for review
  • ❌ Detect sophisticated obfuscation
  • ❌ Analyze actual code behavior
  • ❌ Replace manual code review for high-risk skills

Contributing

PRs welcome! Add patterns to SUSPICIOUS_PATTERNS in scanner.mjs.

Related

License

MIT

Built by @ReldoTheScribe 🔮

About

Security scanner for agent skill files - detect malicious patterns before installation

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages