huta0kj/skill-scanner-agent — explained in plain English
Analysis updated 2026-05-18
Automatically review a SKILL directory for security risks before allowing it to run.
Generate a written overview report explaining what a skill does.
Audit script files inside a skill for code level vulnerabilities.
Produce consistent security documentation across a collection of skills.
| huta0kj/skill-scanner-agent | kkdai/linebot-multimodal-rag | markmamed/imu-surgical-intention-perception | |
|---|---|---|---|
| Stars | 31 | 31 | 31 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | hard | hard |
| Complexity | 3/5 | 4/5 | 4/5 |
| Audience | developer | developer | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires API keys for at least one supported LLM model in config.yaml.
Skill Scanner Agent is an automated security auditing tool that scans SKILL directories for potential security risks. SKILL here refers to a specific type of directory structure containing a SKILL.md file and associated scripts. The tool uses AI language models to read through the directory, understand what the skill does, and then check the included script files for security vulnerabilities, producing written reports of its findings. The workflow runs in three steps. First it validates the SKILL directory and extracts basic information about it. Then an AI agent generates an overview report summarizing what the skill does from a security perspective. Finally, another AI agent reviews any script files found in the directory and produces a code security audit. Each of these steps can be handled by a different AI model, which you configure in a settings file. Reports are saved as markdown files and can be output in either English or Chinese. You would use this when you are responsible for reviewing skills or plugins before allowing them to run, and you want an automated first pass at identifying security concerns without reading every line of code yourself. It is particularly relevant for teams managing collections of SKILL-based tools and wanting consistent security documentation. The tech stack is Python with LangGraph for workflow orchestration, LangChain for AI model integration, and Typer for the command line interface.
An AI powered tool that scans SKILL directories and produces written security audit reports.
Mainly Python. The stack also includes Python, LangGraph, LangChain.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.