
Skill Safety Scanner
Locally scan Agent Skill folders for hardcoded secrets, dangerous code patterns, and implied permissions before you install them.
Overview
skill-safety-scanner is an agent skill most often used in Ship (also Validate scope, Build agent-tooling) that locally grades Agent Skills for secrets, dangerous code, and permissions.
Install
npx skills add https://github.com/skillscatalog/registry --skill skill-safety-scanner
What is this skill?
- Python `safety_scan.py` scanner (~30KB) runs offline on skill directories
- Detects hardcoded API keys, tokens, credentials, and dangerous patterns (eval, exec, injection)
- Infers required permissions: filesystem, network, subprocess
- Outputs grades comparable to the skillscatalog.ai web scanner
- Manifest documents SKILL.md plus scripts with SHA256 integrity metadata
- Scanner script safety_scan.py ~30,740 bytes
- Detects hardcoded secrets, eval/exec, and command-injection-style patterns
- Package manifest: 2 files (SKILL.md + scripts) with SHA256 integrity
Adoption & trust: 1 install on skills.sh; 1 GitHub star; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
You want to install community agent skills but cannot trust opaque scripts with your keys, shell, or network.
Who is it for?
Indie builders assembling a personal skill library who need offline, repeatable scans before install.
Skip if: you need full production SAST of your entire application codebase, or compliance sign-off without human review of findings.
When should I use this skill?
User wants to safety-scan, audit, or grade a local Agent Skill folder before install or publish.
What do I get? / Deliverables
You get a local safety grade and finding list aligned with skillscatalog.ai so you can reject or harden skills before enabling them in your agent.
- Safety grade report aligned with skillscatalog.ai
- Findings for secrets, dangerous patterns, and inferred permissions
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Security review at Ship is where you gate third-party skills; the scanner grades risk before agents execute unknown scripts. Security subphase fits secret detection, eval/exec patterns, and permission inference aligned with skillscatalog.ai grading.
Where it fits
Grade two competing skills locally before committing to one in your stack.
Run the scanner on a new registry download the same day you add it to `.cursor/skills`.
CI-step scan of vendored skills before publishing your own skill bundle.
How it compares
Offline skill-package checker—not an MCP server and not a substitute for vendor security review of your own app.
Common Questions / FAQ
Who is skill-safety-scanner for?
Solo developers and security-conscious agent users vetting third-party SKILL.md packages and bundled scripts before adoption.
When should I use skill-safety-scanner?
At Validate when scoping which skills to trust; at Ship security before install; at Build when adding new skills to your agent toolchain.
Is skill-safety-scanner safe to install?
It includes a local Python scanner that reads skill files—review the Security Audits panel on this page and inspect `scripts/safety_scan.py` in your checkout before running on sensitive paths.
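The manifest shown under SKILL.md on this page records a size and SHA-256 for each file, so a checkout can be compared against it before `scripts/safety_scan.py` is run. The following is an added example, not part of the skill or of the skillscatalog tooling: `verify_skill_files` is a hypothetical helper that assumes the manifest has already been parsed into a dict (the page does not show where the manifest is stored), and it checks only the per-file entries, not the top-level `integrity.hash`, whose input is not documented here.

```python
import hashlib
import tempfile
from pathlib import Path


def verify_skill_files(manifest: dict, skill_dir: str) -> list:
    """Return (path, problem) tuples; an empty list means the checkout matches."""
    root = Path(skill_dir).resolve()
    problems, listed = [], set()
    for entry in manifest.get("files", []):
        rel = entry["path"]
        target = (root / rel).resolve()
        # A manifest path must stay inside the skill folder.
        if not target.is_relative_to(root):
            problems.append((rel, "path escapes skill directory"))
            continue
        listed.add(target)
        if not target.is_file():
            problems.append((rel, "missing"))
            continue
        data = target.read_bytes()
        if len(data) != entry["size"]:
            problems.append((rel, "size mismatch"))
        if hashlib.sha256(data).hexdigest() != entry["sha256"].lower():
            problems.append((rel, "sha256 mismatch"))
    # Files the manifest does not list are not covered by any recorded hash.
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.resolve() not in listed:
            problems.append((path.relative_to(root).as_posix(), "not in manifest"))
    return problems


if __name__ == "__main__":
    # Constructed sample: a two-file skill whose script is modified after the
    # manifest was built, plus a file the manifest never mentions.
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp)
        (skill / "scripts").mkdir()
        (skill / "SKILL.md").write_bytes(b"# demo skill\n")
        (skill / "scripts" / "safety_scan.py").write_bytes(b"print('ok')\n")
        manifest = {"files": [
            {"path": p, "size": (skill / p).stat().st_size,
             "sha256": hashlib.sha256((skill / p).read_bytes()).hexdigest()}
            for p in ("SKILL.md", "scripts/safety_scan.py")]}
        (skill / "scripts" / "safety_scan.py").write_bytes(b"print('no')\n")
        (skill / "scripts" / "extra.sh").write_bytes(b"echo hi\n")
        for finding in verify_skill_files(manifest, tmp):
            print(finding)
```

The modified script in the sample keeps its original byte length, so only the hash comparison catches it; the size check alone would pass.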
SKILL.md - Skill Safety Scanner
```json
{
  "$schema": "https://agentskills.io/schemas/manifest.v1.json",
  "manifestVersion": "1.0",
  "generatedAt": "2026-01-03T03:32:17.221541Z",
  "generator": "skill-manifest-generator/1.0.0",
  "skill": {
    "name": "skill-safety-scanner",
    "version": "1.0.0"
  },
  "integrity": {
    "algorithm": "sha256",
    "hash": "755a4170753b3f4301213a083dbea394bf5d6fdb4093ec740ea0e93f8ab52ed4"
  },
  "files": [
    {
      "path": "SKILL.md",
      "size": 2365,
      "sha256": "8bc4b067e561793b149fa365a3f28f1d3b2197b68b258fcd0cda6fdb3f879b31",
      "type": "manifest"
    },
    {
      "path": "scripts/safety_scan.py",
      "size": 30740,
      "sha256": "f1569b792ad748f492f3646ec426b56cbb1ff6c88f43b8b412377a70ed9791fd",
      "type": "script"
    }
  ],
  "externalReferences": [
    {
      "url": "https://hooks\\.slack\\.com/services/T[A-Z0-9",
      "file": "scripts/safety_scan.py",
      "line": 101,
      "type": "unknown"
    }
  ],
  "structure": {
    "maxDepth": 1,
    "totalFiles": 2,
    "totalBytes": 33105,
    "folders": [
      "scripts"
    ]
  },
  "license": {
    "spdxId": "MIT"
  }
}
```

```python
#!/usr/bin/env python3
"""
Agent Skills Safety Scanner

Local safety scanner for Agent Skills. Detects:
- Hardcoded secrets (API keys, tokens, credentials)
- Dangerous code patterns (eval, exec, command injection)
- Required permissions (filesystem, network, subprocess)

Produces grades matching the skillscatalog.ai web scanner.
"""

import argparse
import json
import os
import re
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional

# ============================================================================
# Types and Data Classes
# ============================================================================


@dataclass
class Finding:
    dimension: str  # "secret", "dangerous_code", "permission"
    severity: str  # "critical", "high", "medium", "low", "info"
    title: str
    description: str
    file_path: str
    line_number: int
    code_snippet: str = ""
    rule_id: str = ""


@dataclass
class ScanResult:
    skill_name: str
    grade: str
    score: int
    secret_score: int
    dangerous_code_score: int
    permissions: list = field(default_factory=list)
    findings: list = field(default_factory=list)


# ============================================================================
# Secret Detection Patterns (from gitleaks.ts)
# ============================================================================

SECRET_PATTERNS = [
    # API Keys
    {
        "id": "aws-access-key",
        "name": "AWS Access Key",
        "pattern": r"\bAKIA[0-9A-Z]{16}\b",
        "severity": "critical",
    },
    {
        "id": "aws-secret-key",
        "name": "AWS Secret Key",
        "pattern": r"\b[A-Za-z0-9/+=]{40}\b(?=.*(?:aws|secret|key))",
        "severity": "critical",
        "flags": re.IGNORECASE,
    },
    {
        "id": "github-token",
        "name": "GitHub Token",
        "pattern": r"\b(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}\b",
        "severity": "critical",
    },
    {
        "id": "openai-api-key",
        "name": "OpenAI API Key",
        "pattern": r"\bsk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,}\b",
        "severity": "critical",
    },
    {
        "id": "anthropic-api-key",
        "name": "Anthropic API Key",
        "pattern": r"\bsk-ant-[A-Za-z0-9-]{80,}\b",
        "severity": "critical",
    },
    {
        "id": "stripe-api-key",
        "name": "Stripe API Key",
        "pattern": r"\b(sk|pk)_(test|live)_[A-Za-z0-9]{24,}\b",
        "severity": "critical",
    },
    {
        "id": "slack-token",
        "name": "Slack Token",
        "pattern": r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b",
        "severity": "critical",
    },
    {
        "id": "slack-webhook",
        "name": "Slack Webhook",
        "pattern": r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+",
        "severity": "high",
    },
    # The listing is cut off here on the page, partway through the next entry: { "id": "goo
]
```