About SkillTotal

SkillTotal is an evidence-first, deterministic security scanner for the components an AI agent installs and trusts on your behalf — MCP servers, agent skills, and npm/PyPI packages. It reads the trust surface (tool metadata, SKILL.md, prompt/instruction text, capabilities, and data-flow) statically, never executes your code, and anchors every finding to a file and line.

Why it exists

Agents now install third-party skills and connect to MCP servers with real permissions — filesystem, shell, network, and credentials. A poisoned tool description or a hidden instruction in a skill can steer an agent without a single line of exploit code. Classic SAST and SCA were not built to read that surface. SkillTotal exists to answer one question about a component before you trust it: does it look malicious, just powerful, or clean — and why.

How it works

Detection is pure static analysis (regex + AST): reproducible for a given engine and ruleset version, safe to point at something dangerous, and free of LLM guesswork. Powerful capabilities are separated from malicious indicators, so a useful component is not mislabeled. Full method: how the analysis works.

Security & data

The engine is open source and runs offline: with the CLI, your code never leaves your machine. On this hosted site you point us at a public component and we analyze it on our servers without executing it; uploaded files are scanned and wiped, while reports for public URLs and packages are cached and may be shown to others who scan the same component. No accounts, no tracking cookies. See the Privacy Policy for hosting regions and retention.

Responsible disclosure

Found a security issue in the service or a detection gap in the engine? Email contact@skilltotal.ai (see security.txt). Detection false positives can be reported from any component report.

Open source

The full static engine and CLI are open source under Apache-2.0 — the same code runs on this site and locally. GitHub · PyPI.