Skip to content

v0.1.0 - Review-first Agent Skill discovery and safety scanning

Latest

Choose a tag to compare

@xcl2005 xcl2005 released this 03 Jul 01:01

What this release does

  • Finds Agent Skill repositories with SKILL.md.
  • Scores candidates by task fit, maintenance, license, structure, docs, examples, and safety signals.
  • Flags overbroad triggers, prompt injection, secret access, destructive commands, opaque installers, and obfuscated execution.
  • Installs only the selected skill folder after user approval.
  • Adds issue templates, PR template, filled demo outputs, an unsafe scanner fixture, and a risk model.

Try it in 3 minutes

python scripts/audit_skills.py audit --dest examples/fixtures

Expected shape: the unsafe fixture is flagged for an overbroad trigger plus secret-access and opaque-installer patterns.

Safety boundary

This is a heuristic reviewer, not a guarantee that third-party skills are safe. The goal is to make risk visible before installation.