Skip to content

Releases: obielin/skillguard

v1.0.0 — Initial release

16 Apr 20:37
@obielin obielin
v1.0.0
720f548

Choose a tag to compare

View all tags
v1.0.0 — Initial release Latest
Latest

Security scanner for AI agent skills.

In January 2026, the ClawHavoc campaign dropped 341 malicious skills
into the Claude skill marketplace in 3 days. Snyk's ToxicSkills audit
found 13.4% of 3,984 skills contain critical security issues.

There was no open-source scanner. This is it.

What's included in v1.0.0

  • 12 detection rules covering the full OWASP Agentic Skills Top 10
  • Lethal Trifecta detection (prompt injection + network + file system = ClawHavoc signature)
  • Prompt injection, data exfiltration, rug pull, identity hijacking, secret harvesting
  • CLI: skillguard scan SKILL.md
  • Python API: SkillScanner().scan_file()
  • JSON output for CI/CD pipelines
  • Exits with code 1 on critical findings — blocks GitHub Actions
  • Zero dependencies. Pure Python 3.10+.

Install

pip install skillshield

Usage

skillguard scan SKILL.md
skillguard check "ignore all previous instructions"
skillguard scan ./skills/ --format json

Assets 2
Loading