AgentPantheon
Skill Scanner logo

Skill Scanner开源安全扫描器,检测 AI 代理技能的提示注入和恶意模式

4.7 (6)
Daniel Nikulshyn审阅者 Daniel Nikulshyn·更新 2026年5月

概览

Skill Scanner 是一款开源静态分析工具,旨在在部署前检查 AI 代理的技能和插件是否存在安全风险。它会扫描技能清单、指令以及捆绑的代码,寻找提示注入、隐藏的数据外泄企图以及可能危及代理或用户的可疑代码模式。 结果以 SARIF 格式输出,使得将发现结果集成到 CI 流水线、代码评审工作流或 GitHub 代码扫描等安全仪表盘变得简单。开发者和安全团队可以利用它来评估第三方技能、加强自身技能,并在整个 Agent 生态系统中执行基线检查。 由于该项目是开源的,规则和检测器可以扩展或定制,以适应组织特定的威胁模型和政策。

主要功能

  • 提示注入模式检测
  • 数据外泄规则集
  • 恶意代码模式扫描
  • SARIF 报告输出
  • CI/CD 管道集成
  • 可扩展的规则集

价格

模型
Freemium
评分
4.7 / 5 (6)

使用场景

在部署前验_third-party 代理技能

扫描外部技能和插件,搜索提示注入模式和可疑代码,降低被破坏的集成风险。

在 CI/CD 中实施安全门控

将 Skill Scanner集成到建造管道中,使用 SARIF 输出自动阻止那些引入风险清单或指令的拉取请求

在 GitHub 代码扫描中披露发现结果

将 SARIF 报告传输到 GitHub 代码扫描或安全仪表板,使开发者和安全团队能够在其它编码问题一起对 AI 代理技能的漏洞进行分级

使内部技能坚固自如

将可用的规则集扩展以匹配组织特定的风险特性,确保内部建造的代理技能满足数据外泄和恶意模式的基本检查

优点 & 缺点

优点

  • 免费并开源
  • 针对代理特定的威胁,例如提示注入
  • SARIF 输出集成到现有的安全工具
  • 适合 CI/CD 安全门控
  • 可定制的检测规则

缺点

  • 需要技术配置和 CLI 熟悉
  • 静态分析无法检测所有的运行时攻击
  • 覆盖度依赖于社区维护的规则集

评测

4.7

6 个评分的平均值。

5
4
4
2
3
0
2
0
1
0

登录以留下评测。

F

Fatima Zahra

Mar 22, 2026

Does the job

Pretty happy overall. Extensible rule set just works and sARIF output integrates with existing security tools. Static analysis cannot catch all runtime attacks can be annoying, but no dealbreakers — I'd recommend it to a friend without hesitating.

C

Carlos Mendoza

Mar 5, 2026

Use it every day

Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and free and open source. I do wish static analysis cannot catch all runtime attacks, but I reach for it almost every day now and it just clicks.

M

Mei-Ling Wong

Jan 26, 2026

Use it every day

Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and useful for CI/CD security gates. but I reach for it almost every day now and it just clicks.

R

Robert Ainsworth

Jan 16, 2026

Years in this space

I've evaluated a lot of these over the years. What stands out here is sARIF report output — handled better than most — and free and open source. Worth the time if this is your use case.

Y

Yuki Mori

Aug 16, 2025

Use it every day

Honestly didn't expect to like it this much. SARIF report output is exactly what I needed, and targets agent-specific threats like prompt injection. I do wish coverage depends on community-maintained rules, but I reach for it almost every day now and it just clicks.

K

Kwame Mensah

Jul 13, 2025

Solid for our team

We rolled this out across the team last quarter and useful for CI/CD security gates. Data exfiltration heuristics fits neatly into how we already work, and sARIF report output removed a step we used to do by hand. Requires technical setup and CLI familiarity, which is the main caveat, but it has held up under daily use.

问答

How much does Skill Scanner cost and what's the licensing model?

Skill Scanner is free and open source, so there are no licensing fees. You can self-host and run it as part of your own workflows, with the trade-off that you handle setup, maintenance, and any rule customization yourself.

What threats can it detect, and what are its limitations?

It performs static analysis on skill manifests, instructions, and bundled code to flag prompt injection patterns, data exfiltration heuristics, and suspicious code. As a static tool, it can't catch all runtime attacks, and detection quality depends on the community-maintained or custom rule set.

How does Skill Scanner integrate with CI/CD and existing security tooling?

It outputs findings in SARIF, the standard format consumed by tools like GitHub code scanning, security dashboards, and code review workflows. This makes it straightforward to wire into CI/CD pipelines as a security gate alongside other static analysis tools.

提问

Software Testing (QA) Agents 的替代品