Provides a GitHub Action to automatically scan AI agent skill files for security threats within pull requests, offering features such as automatic PR comments and build failures based on risk levels.
👁️ SkillAudit
Security scanner for AI agent skills. Detects credential theft, data exfiltration, prompt injection, and 15+ attack patterns before you install.
For Agents
SkillAudit is designed for programmatic use. Here's how to integrate:
Discovery
Quickest Integration
GET /scan/quick?url=<url>: zero friction. No POST body, no headers, just a URL query parameter carrying the skill's URL.
Returns JSON with riskLevel (clean | low | moderate | high | critical), riskScore, findings[], and verdict.
Full API
For richer analysis, use the POST endpoints:
Paid Endpoints (x402, USDC on Base/Solana)
| Endpoint | Price | What it does |
|---|---|---|
| | $0.05 | Full capability analysis + threat chains |
| | $0.10 | Scan up to 20 URLs at once |
| | $0.05 | Diff two skill versions for risk changes |
Pay with USDC, then retry the same request with the header X-Payment-TX: base:<txHash> or solana:<txSig>.
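The two exchanges described above (the free GET /scan/quick call and the pay-then-retry flow for the x402 endpoints) as a small Node.js 18+ client. This is an added example, not SkillAudit's own code or CLI. The base URL, the use of HTTP 402 for an unpaid x402 request, the JSON POST body shape and the stubbed responses are assumptions; the /scan/quick query parameter, the ?key= bypass, the riskLevel vocabulary and the X-Payment-TX header are taken from this page.

```javascript
// Added example client for the SkillAudit HTTP API (not the project's own code).
// Assumptions: BASE_URL below, 402 as the "pay first" status for x402 endpoints,
// and a JSON POST body. Everything else follows the API description on the page.
const BASE_URL = process.env.SKILLAUDIT_URL ?? "https://skillaudit.vercel.app"; // assumed base

const RISK_LEVELS = ["clean", "low", "moderate", "high", "critical"];

// GET /scan/quick?url=<url>: no body, no headers, just the URL parameter.
// apiKey (optional) is sent as ?key=... to bypass the per-IP rate limit.
async function quickScan(skillUrl, { fetchImpl = fetch, apiKey } = {}) {
  const u = new URL("/scan/quick", BASE_URL);
  u.searchParams.set("url", skillUrl); // percent-encodes the skill URL
  if (apiKey) u.searchParams.set("key", apiKey);
  const res = await fetchImpl(u.toString());
  if (!res.ok) throw new Error(`quick scan failed: HTTP ${res.status}`);
  const body = await res.json();
  if (!RISK_LEVELS.includes(body.riskLevel)) {
    throw new Error(`unexpected riskLevel ${JSON.stringify(body.riskLevel)}`);
  }
  return body; // { riskLevel, riskScore, findings: [...], verdict }
}

// x402 flow for a paid POST endpoint: send the request once; if the server answers
// 402 (assumed), let the caller settle in USDC and retry the identical request with
// X-Payment-TX: base:<txHash> or solana:<txSig>. `pay` returns that receipt string.
async function callPaid(path, body, pay, { fetchImpl = fetch } = {}) {
  const target = new URL(path, BASE_URL).toString();
  const init = {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(body),
  };
  let res = await fetchImpl(target, init);
  if (res.status === 402) {
    const receipt = await pay(res);
    if (!/^(base|solana):[A-Za-z0-9]+$/.test(receipt)) {
      throw new Error("receipt must look like base:<txHash> or solana:<txSig>");
    }
    res = await fetchImpl(target, {
      ...init,
      headers: { ...init.headers, "X-Payment-TX": receipt },
    });
  }
  if (!res.ok) throw new Error(`${path} failed: HTTP ${res.status}`);
  return res.json();
}

// Constructed stub standing in for the real service so the example runs offline.
// It answers /scan/quick directly and demands payment once for any POST.
function stubFetch() {
  const calls = [];
  const json = (status, data) => ({
    ok: status >= 200 && status < 300,
    status,
    json: async () => data,
  });
  const impl = async (url, init = {}) => {
    calls.push({ url, init });
    if (new URL(url).pathname === "/scan/quick") {
      return json(200, {
        riskLevel: "high",
        riskScore: 31,
        findings: [{ rule: "credential-theft" }], // constructed finding
        verdict: "Do NOT install without thorough audit",
      });
    }
    if (init.method === "POST" && !init.headers?.["X-Payment-TX"]) {
      return json(402, { error: "payment required" });
    }
    return json(200, { riskLevel: "moderate", riskScore: 12, findings: [], verdict: "review" });
  };
  impl.calls = calls;
  return impl;
}

module.exports = { quickScan, callPaid, stubFetch, RISK_LEVELS };
```

Point fetchImpl at the real global fetch (the default) to talk to the live service; the stub exists only to show the 402-then-retry exchange end to end. Note that the client never generates a payment receipt itself: `pay` is where your wallet code goes, and the regex only rejects obviously malformed receipts before they are sent.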
For Humans
Try it now: skillaudit.vercel.app
Paste a skill URL, get an instant security report with a shareable link. No signup needed.
CLI
Scan any skill from your terminal: zero install, zero config.
Options
Example Output
Requires Node.js 18+. Zero dependencies.
Risk Levels
| Level | Score | Meaning |
|---|---|---|
| clean | 0 | No issues found |
| low | 1-9 | Minor concerns, review recommended |
| moderate | 10-24 | Manual review required before installing |
| high | 25-49 | Do NOT install without thorough audit |
| critical | 50+ | Almost certainly malicious |
API Reference
| Endpoint | Method | Auth | Description |
|---|---|---|---|
| /scan/quick | GET | Free | Quick scan by URL (agent-friendly) |
| | POST | Free | Scan skill by URL (+ webhook callback) |
| | POST | Free | Scan raw skill content |
| | POST | x402 $0.05 | Deep scan with capability analysis |
| | POST | x402 $0.10 | Batch scan up to 20 URLs |
| | POST | x402 $0.05 | Compare two skill versions |
| | GET | Free | Get scan result JSON |
| | GET | Free | View HTML report |
| | GET | Free | Capability breakdown for a scan |
| | GET | Free | List all detection rules |
| | GET | Free | Recent scan history |
| | GET | Free | Scan statistics |
| | POST | Free | Request trust badge for a domain |
| | GET | Free | Check domain badge status |
| | POST | Free | Share scan result to Moltbook |
| | GET | Free | Health check |
| | GET | Free | OpenAPI 3.0 spec |
Rate limit: 30 req/min per IP on the scan endpoints. Requests carrying ?key=YOUR_KEY bypass the limit.
MCP Server (Model Context Protocol)
Use SkillAudit as a native tool in any MCP-compatible AI client (Claude Desktop, Cursor, etc).
Setup
Claude Desktop
Add to claude_desktop_config.json:
Cursor
Add to .cursor/mcp.json in your project:
Available Tools
| Tool | Description |
|---|---|
| | Scan a skill file by URL; returns risk level, findings, and verdict |
| | Scan raw skill content directly; paste content instead of a URL |
| | Get the full report for a previous scan by ID |
Test
GitHub Action
Auto-scan skill files on every PR. Fails the build if threats are detected. Posts results as PR comments.
Quick Setup
Add to .github/workflows/skillaudit.yml:
Inputs
| Input | Default | Description |
|---|---|---|
| | | File or directory to scan |
| | | Risk threshold to fail: |
| | | Output: |
Outputs
| Output | Description |
|---|---|
| | |
| | Numeric risk score |
| | Number of findings |
What It Catches
Every PR that touches skill files gets scanned for credential theft, data exfiltration, prompt injection, shell exploits, and 15+ attack patterns. If risk exceeds your threshold, the build fails and a detailed comment is posted on the PR.
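The gating logic behind "if risk exceeds your threshold, the build fails", together with the score bands from the Risk Levels table above, as an added example in Node.js. This is not the SkillAudit action's own implementation. The page does not show the action's threshold values or the shape of a findings[] entry, so the use of level names as the threshold and the `rule`/`message` fields on findings are assumptions, as is the constructed sample result.

```javascript
// Added example (not the SkillAudit action's code): turn a scan result into a
// pass/fail decision and a PR comment. Score bands are the page's Risk Levels
// table; the findings[] field names and the level-name threshold are assumed.
const LEVELS = ["clean", "low", "moderate", "high", "critical"];

// 0 clean, 1-9 low, 10-24 moderate, 25-49 high, 50+ critical.
function riskLevelFromScore(score) {
  if (!Number.isInteger(score) || score < 0) throw new RangeError(`bad riskScore: ${score}`);
  if (score === 0) return "clean";
  if (score <= 9) return "low";
  if (score <= 24) return "moderate";
  if (score <= 49) return "high";
  return "critical";
}

// Fail closed: if riskLevel is missing or disagrees with riskScore, take the more
// severe of the two, then compare against the configured threshold (inclusive).
function evaluateScan(result, failOn = "moderate") {
  if (!LEVELS.includes(failOn)) throw new RangeError(`unknown threshold: ${failOn}`);
  const fromScore = riskLevelFromScore(result.riskScore);
  const reported = LEVELS.includes(result.riskLevel) ? result.riskLevel : fromScore;
  const level = LEVELS[Math.max(LEVELS.indexOf(reported), LEVELS.indexOf(fromScore))];
  return {
    level,
    shouldFail: LEVELS.indexOf(level) >= LEVELS.indexOf(failOn),
    findingsCount: (result.findings ?? []).length,
  };
}

// Findings quote the scanned skill, which may itself contain injection text, so
// strip backticks and line breaks and cap the length before it lands in a PR comment.
function safeText(x, max = 200) {
  return String(x).replace(/[`\r\n]/g, " ").slice(0, max);
}

// Render the Markdown body of the PR comment.
function renderComment(file, result, verdict) {
  const lines = [
    `### SkillAudit: ${safeText(file)}`,
    "",
    `**Risk:** ${verdict.level} (score ${result.riskScore}), ${verdict.shouldFail ? "FAILED" : "passed"} at threshold`,
    "",
  ];
  for (const f of result.findings ?? []) {
    lines.push(`- \`${safeText(f.rule ?? "finding")}\`: ${safeText(f.message ?? JSON.stringify(f))}`);
  }
  if (result.verdict) lines.push("", `> ${safeText(result.verdict)}`);
  return lines.join("\n");
}

// Constructed sample result (not real scanner output). riskLevel is deliberately
// inconsistent with riskScore to show the fail-closed resolution above.
const SAMPLE_RESULT = {
  riskLevel: "low",
  riskScore: 27,
  findings: [{ rule: "data-exfiltration", message: "reads ~/.ssh then POSTs to an external host" }],
  verdict: "Do NOT install without thorough audit",
};

const verdict = evaluateScan(SAMPLE_RESULT, "moderate"); // level "high", shouldFail true
console.log(renderComment("skills/deploy.md", SAMPLE_RESULT, verdict));

module.exports = { LEVELS, riskLevelFromScore, evaluateScan, renderComment, safeText, SAMPLE_RESULT };
```

In a real workflow step the result object comes from the scan, `failOn` from the action input, and `shouldFail` decides the exit code while `renderComment` feeds the PR comment. The fail-closed resolution matters: a downstream consumer should never let a stale or malformed riskLevel field outrank the numeric score.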
Self-Hosted
Detection Rules
Credential theft · Data exfiltration · Prompt injection · Shell execution · Obfuscation · Privilege escalation · Crypto theft · Token stealing · DNS rebinding · Reverse shells · Agent memory modification · Suspicious URLs · Read-then-exfiltrate structural patterns · Natural language intent analysis · Capability threat chains
Built by Megamind_0x