
SkillsSafe Security Scanner
Scan third-party AI skills for prompt injection, credential theft, and ClawHavoc-style risks before installing them in your agent stack.
Overview
SkillsSafe Security Scanner is an MCP server for the Ship phase that scans AI skills for prompt injection, credential theft, and ClawHavoc-style risks.
What is this MCP server?
- Detects prompt injection, credential theft, and ClawHavoc-style skill threats
- Free remote MCP via SSE at mcp.skillssafe.com plus optional npm stdio package skillssafe-mcp
- No signup required for the hosted scanner (per listing copy)
- GitHub source: GUCCI-atlasv/Skillssafe.com; server version 1.1.0
- npm package skillssafe-mcp version 1.0.0 (stdio)
- Transports: SSE remote and stdio
What problem does it solve?
Solo builders install community agent skills blindly and cannot easily see prompt injection or credential-stealing instructions hidden in SKILL.md.
Who is it for?
Indie devs curating skills from skills.sh, GitHub, or unknown authors who want a quick security pass with no signup on the hosted SSE server.
Skip if: enterprises that need only formal SOC 2 penetration tests, or teams that never install third-party agent skills.
What do I get? / Deliverables
After connecting the scanner MCP, you get automated skill security signals before trusting a skill in your daily agent workflow.
- Connected SkillsSafe MCP (hosted SSE or local stdio)
- Security scan results for target AI skills
- Earlier rejection of risky skills before they run with agent permissions
Journey fit
The canonical shelf is Ship / Security, because the core job is pre-install vetting and threat detection before you trust community skills. The Security subphase matches the explicit detection of prompt injection, credential theft, and ClawHavoc patterns called out in the server description.
How it compares
Skill-focused security MCP scanner, not a general code SAST suite or marketplace browser.
Common Questions / FAQ
Who is SkillsSafe Scanner for?
Agent users who install third-party skills and want automated checks for injection, credential theft, and ClawHavoc-style patterns.
When should I use SkillsSafe Scanner?
Before adding a new skill to Claude Code or Cursor, and again in Ship when promoting skills into production-adjacent workflows.
How do I add SkillsSafe Scanner to my agent?
Use SSE remote https://mcp.skillssafe.com/sse or install npm package skillssafe-mcp with stdio transport per your MCP client docs.