
Skill ScannerOpen-source security scanner that audits AI agent skills for prompt injection and malicious patterns.
Översikt
Nyckelfunktioner
- Prompt injection pattern detection
- Data exfiltration heuristics
- Malicious code pattern scanning
- SARIF report output
- CI/CD pipeline integration
- Extensible rule set
Priser
- Modell
- Freemium
- Kategori
- Software Testing (QA) Agents
- Betyg
- 4.7 / 5 (6)
Användningsfall
Vet third-party agent skills before deployment
Scan external skills and plugins for prompt injection patterns and suspicious code before adding them to your AI agent, reducing the risk of compromised integrations.
Enforce security gates in CI/CD
Integrate Skill Scanner into build pipelines using its SARIF output to automatically block pull requests that introduce risky skill manifests or instructions.
Surface findings in GitHub code scanning
Pipe SARIF reports into GitHub code scanning or security dashboards so developers and security teams can triage agent skill vulnerabilities alongside other code issues.
Harden in-house skills with custom rules
Extend the rule set to match organization-specific threat models, ensuring internally built agent skills meet baseline checks for data exfiltration and malicious patterns.
Fördelar och nackdelar
Fördelar
- Free and open source
- Targets agent-specific threats like prompt injection
- SARIF output integrates with existing security tools
- Useful for CI/CD security gates
- Customizable detection rules
Nackdelar
- Requires technical setup and CLI familiarity
- Static analysis cannot catch all runtime attacks
- Coverage depends on community-maintained rules
Recensioner
Genomsnitt från 6 betyg.
Logga in för att lämna en recension.
Does the job
Pretty happy overall. Extensible rule set just works and sARIF output integrates with existing security tools. Static analysis cannot catch all runtime attacks can be annoying, but no dealbreakers — I'd recommend it to a friend without hesitating.
Use it every day
Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and free and open source. I do wish static analysis cannot catch all runtime attacks, but I reach for it almost every day now and it just clicks.
Use it every day
Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and useful for CI/CD security gates. but I reach for it almost every day now and it just clicks.
Years in this space
I've evaluated a lot of these over the years. What stands out here is sARIF report output — handled better than most — and free and open source. Worth the time if this is your use case.
Use it every day
Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and targets agent-specific threats like prompt injection. I do wish coverage depends on community-maintained rules, but I reach for it almost every day now and it just clicks.
Solid for our team
We rolled this out across the team last quarter and useful for CI/CD security gates. Data exfiltration heuristics fits neatly into how we already work, and sARIF report output removed a step we used to do by hand. Requires technical setup and CLI familiarity, which is the main caveat, but it has held up under daily use.
Frågor
How much does Skill Scanner cost and what's the licensing model?
Skill Scanner is free and open source, so there are no licensing fees. You can self-host and run it as part of your own workflows, with the trade-off that you handle setup, maintenance, and any rule customization yourself.
What threats can it detect, and what are its limitations?
It performs static analysis on skill manifests, instructions, and bundled code to flag prompt injection patterns, data exfiltration heuristics, and suspicious code. As a static tool, it can't catch all runtime attacks, and detection quality depends on the community-maintained or custom rule set.
How does Skill Scanner integrate with CI/CD and existing security tooling?
It outputs findings in SARIF, the standard format consumed by tools like GitHub code scanning, security dashboards, and code review workflows. This makes it straightforward to wire into CI/CD pipelines as a security gate alongside other static analysis tools.
Ställ en fråga
Alternativ till Software Testing (QA) Agents
CarbonCopies AI
Software Testing (QA) Agents
AI‑twins imiterar användarinteraktioner för att köra automatiserad UX‑/funktionskontroll och upptäcka buggar i appar/webbplatser.
Diffblue Cover
Software Testing (QA) Agents
En självständig AI-agent som genererar och underhåller Java enhetstester på stor skala med garanterad precisnost.
PentAGI
Software Testing (QA) Agents
Öppen-sources autonomiska penetrationstestagenter som körs på 20+ säkerhetsverktyg i en isolerad Docker-sandbox med minne och webbintelligens.
Flowtest AI
Software Testing (QA) Agents
En kognitiv agent som övervakar webbplatser genom att simulera verkliga användarsamtal för att detektera problem och säkerställa tillgänglighet.
Keploy
Software Testing (QA) Agents
En öppen källkods-AI-agent som auto-genererar och underhåller enhets-, integrations- och API-tester med mock-objekt.
Trending now
Claude
AI Agents & Chatbots
Konversationsbaserad AI‑assistent från Anthropic för skrivande, analys, kodning och dokumentuppgifter
LeanSentry
Software Development
AI-drivna diagnostik- och övervakningstjänster för prestandaproblem i IIS och ASP.NET
Doozer Ai
Sales Agent
Digitala samarbetspartners som automatiskt effektiviserar operativa flöden för att öka teamets effektivitet.
Consistent Character AI
Images
Generera konsekventa AI-karaktärer över scener från en enda referensbild.








