Check any skill for hidden security risks before you install it. Instant audit, zero setup.
Paste a link to any skill folder or SKILL.md on GitHub and we'll check it for security risks.
Every scan checks the skill files against six security dimensions, looking for patterns that could indicate malicious or risky behavior.
Detects patterns that download and execute remote code without verification.
Flags attempts to send local data to external servers or covert channels.
Catches reads of API tokens, credentials, and other secret stores.
Spots modifications that could allow a skill to survive restarts.
Identifies commands that could cause irreversible data loss.
Finds encoded payloads and other attempts to hide what code actually does.
Paste any GitHub link and get a full security audit in seconds.
We pull the SKILL.md and any adjacent files from the skill folder on GitHub.
Each file is scanned against our ruleset of known risky patterns across all six dimensions.
You get a score, a verdict, and a list of findings with file and line references.