Skip to content

Cydiar/Skill-Guard-Skill

BranchesTags

Repository files navigation

362fdb98-0bfe-4ace-bf05-176176c57e00

SkillGuard Skill

A Claude Code Skill for auditing AI Agent Skills for security vulnerabilities, prompt injection risks, and cost estimation.

Features

  • 10 Security Dimensions: Prompt Injection, Data Exfiltration, Permission Escalation, Resource Abuse, Supply Chain, Code Execution, File System, Network, Credential Handling, Obfuscation
  • 109 Detection Rules: Comprehensive coverage of common and advanced attack patterns
  • Two-Layer Analysis:
    • Static Scan: Fast pattern-based detection
    • Deep Scan: LLM-driven dynamic analysis for high-risk skills (C/D/F grades)
  • Detailed Reports: Security grades (A-F), risk scores, severity breakdown, and remediation guidance
  • Dual Runtime Support: Run with Node.js or Python

Quick Start

As a Claude Code Skill (Recommended)

Prerequisites: Claude Code installed

# Clone the repository
git clone https://github.com/Cydiar/Skill-Guard-Skill.git
cd Skill-Guard-Skill

# Install as Claude Code Skill
./install.sh

# Restart Claude Code

Then in Claude Code, simply say:

审计这个 skill: https://github.com/user/some-skill

The backend will start automatically on first use.

As a Standalone CLI Tool

Prerequisites: Python 3.7+, Node.js 18+ (optional), Redis

# Clone the repository
git clone https://github.com/Cydiar/Skill-Guard-Skill.git
cd Skill-Guard-Skill

# Start the backend
./start-backend.sh

# Run your first audit
node audit.js https://github.com/user/some-skill
# or
python3 audit.py https://github.com/user/some-skill

The backend API will run at http://localhost:8011.

Installing Redis

macOS:

brew install redis
brew services start redis

Ubuntu/Debian:

sudo apt-get install redis-server
sudo systemctl start redis

Windows: Download from https://redis.io/download or use WSL

Installation

For Claude Code

  1. Clone this repository or download the files
  2. Place the skill directory in your Claude Code skills folder
  3. Claude Code will automatically detect and load the skill

Manual Installation

git clone https://github.com/Cydiar/Skill-Guard-Skill.git
cd Skill-Guard-Skill

Usage

With Claude Code

Simply ask Claude:

Audit this skill: https://github.com/user/my-skill
Check security of https://clawhub.ai/author/skill-name

Manual Usage

JavaScript (Node.js 18+):

node audit.js <github_or_clawhub_url>

Python:

python3 audit.py <github_or_clawhub_url>

Requirements

  • JavaScript: Node.js 18+ (uses native fetch API)
  • Python: Python 3.7+ with requests library

Install Python dependencies:

pip install requests

Configuration

Set the SKILLGUARD_API environment variable to point to your SkillGuard instance:

export SKILLGUARD_API="https://your-skillguard-server.example.com"

Default: http://localhost:8011

Example Output

🔍 Submitting scan for: https://github.com/user/example-skill
📋 Scan ID: abc123
⏳ Waiting for results...

============================================================
  SkillGuard Security Report
============================================================
Skill: example-skill
Grade: C
Risk Score: 62/100
Total Findings: 14

Risk Breakdown:
  CRITICAL: 1
  HIGH: 3
  MEDIUM: 5
  LOW: 5

🔴 Top Findings:
  [CRITICAL] Code Execution: Unrestricted eval() usage with user-co...
  [HIGH] Data Exfiltration: Outbound POST to external endpoint wit...
  [HIGH] Prompt Injection: System prompt override via user message...

📊 Full report: http://localhost:8011/report/abc123
============================================================

⚠️  Risk level C detected. Deep Scan recommended.
Run Deep Scan? (y/N): y

============================================================
  Deep Scan Configuration
============================================================
Base URL [https://api.anthropic.com]:
API Key: sk-ant-...
Model [claude-sonnet-4-6]:

🔬 Starting Deep Scan...
   Model: claude-sonnet-4-6
📋 Deep Scan ID: def456
⏳ Running deep analysis...

  Phase: running (45%)
  Phase: annotating (75%)
  Phase: generating (90%)

============================================================
  Deep Scan Report
============================================================
Risk Score: 68/100
Total Turns: 12
Tool Calls: 34
Evidence Found: 8

🔴 Top Evidence:
  [HIGH] Skill executed bash command with unsanitized user input...
  [MEDIUM] File read operation accessed sensitive configuration...

💰 Actual Cost: $0.1234

📊 Full Deep Scan report: http://localhost:8011/deep-scan/def456
============================================================

Security Dimensions

Dimension Description
Prompt Injection Direct/indirect prompt injection, jailbreak patterns
Data Exfiltration Unauthorized data transmission, covert channels
Permission Escalation Privilege elevation, sandbox escape
Resource Abuse Token cost, API call frequency, infinite loops
Supply Chain Dependency risks, typosquatting, compromised packages
Code Execution Arbitrary code execution, eval/exec usage
File System Path traversal, unauthorized file access
Network SSRF, DNS rebinding, unauthorized connections
Credential Handling Secret management, hardcoded credentials
Obfuscation Encoded payloads, steganographic content

License

MIT License - see LICENSE file for details

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Related Projects

  • SkillGuard - The main SkillGuard security scanning engine

Support

For issues and questions, please open an issue on GitHub.

About

Claude Code Skill for auditing AI Agent Skills for security vulnerabilities

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages