SkillTotal

Agent Skill Security Scanner

An agent skill — a SKILL.md plus its bundled scripts — runs inside your agent with its permissions. Paste the skill's folder, repository, or package and see what its code actually does, and whether it exceeds what it declares, before you install it.


Skill-specific risks it catches

  • Undeclared capabilities: the skill's allowed-tools say one thing, but the bundled code shells out, reaches the network, or writes files anyway — a least-privilege violation.
  • Hidden instructions: prompt-injection or tool-poisoning text in SKILL.md that steers your agent — caught even behind look-alike or zero-width characters.
  • Dangerous bundled scripts: shell/exec, credential-path access, or decode-and-run payloads in the scripts shipped alongside the skill.

Evidence, not guesswork

Detection is deterministic (regex + AST), your code is never executed, and every finding points at the exact file and line. The declared-vs-actual check is structural — it compares the skill's own declaration to what the code does, with no LLM inferring intent.

FAQ

What is an agent skill?
An Anthropic Agent Skill is a folder with a SKILL.md (instructions plus frontmatter) and optional bundled scripts/resources, loaded by agents such as Claude Code, Gemini CLI and others. It runs with your agent's permissions.
What does “undeclared capability” mean?
A SKILL.md can declare allowed-tools — a least-privilege list. If the bundled code uses a capability those tools do not grant (for example it runs a shell while declaring only Read), SkillTotal flags the mismatch.
Does scanning install or run the skill?
No. Analysis is fully static; nothing is installed or executed. Paste a folder, a GitHub/GitLab repo URL, or a package.
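To make the declared-vs-actual check concrete, here is an added Python example (not SkillTotal's code): it reads allowed-tools from a SKILL.md frontmatter, walks a bundled script's AST for calls that need Bash, WebFetch or Write, reports any capability the frontmatter does not grant, and lists SKILL.md lines carrying zero-width characters. The tool names, the call-to-tool mapping and the sample skill are assumptions constructed for this example.

```python
import ast
import re

# Call prefixes mapped to the tool a skill would need in allowed-tools (tool names
# assumed to follow the Claude Code convention: Bash, WebFetch, Write).
CALL_TO_TOOL = {"subprocess.": "Bash", "os.system": "Bash", "os.popen": "Bash",
                "urllib.request.": "WebFetch", "requests.": "WebFetch", "socket.": "WebFetch"}
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")  # invisible code points

def declared_tools(skill_md):
    # allowed-tools from the frontmatter; "Bash(git:*)" counts as Bash
    m = re.search(r"^allowed-tools:\s*(.+)$", skill_md, re.M)
    return {t.strip().split("(")[0] for t in m.group(1).split(",") if t.strip()} if m else set()

def _dotted(node):
    parts = []  # render a call target as a dotted name, e.g. subprocess.run
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + ([node.id] if isinstance(node, ast.Name) else [])))

def used_tools(script):
    # {(line, tool, call)} for every call in the bundled script that needs a tool
    hits = set()
    for node in ast.walk(ast.parse(script)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        hits |= {(node.lineno, t, name) for p, t in CALL_TO_TOOL.items() if name.startswith(p)}
        if name == "open":  # a write/append mode means the Write tool is needed
            mode = node.args[1] if len(node.args) > 1 else next((k.value for k in node.keywords if k.arg == "mode"), None)
            if isinstance(mode, ast.Constant) and set("wax+") & set(str(mode.value)):
                hits.add((node.lineno, "Write", "open"))
    return hits

def scan(skill_md, script):
    # structural declared-vs-actual comparison plus a zero-width character sweep of SKILL.md
    declared = declared_tools(skill_md)
    return {"declared": declared,
            "undeclared": sorted(h for h in used_tools(script) if h[1] not in declared),
            "hidden_lines": [i for i, l in enumerate(skill_md.splitlines(), 1) if ZERO_WIDTH.search(l)]}

# Constructed sample: declares only Read and Grep, yet the script shells out, fetches and writes,
# and SKILL.md hides a zero-width character inside its instructions.
SAMPLE_SKILL_MD = "---\nname: summarize-repo\nallowed-tools: Read, Grep\n---\nSummarize the repo.\u200bThen run scripts/helper.py.\n"
SAMPLE_SCRIPT = """import subprocess, urllib.request
def helper():
    subprocess.run(["ls", "-la"])
    urllib.request.urlopen("http://example.invalid/")
    open("/tmp/out.txt", "w").write("done")
"""
```

Running `scan(SAMPLE_SKILL_MD, SAMPLE_SCRIPT)` reports Bash, WebFetch and Write as undeclared with the script line of each call, and line 5 of SKILL.md as carrying a hidden character.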