Agent Skill Scanner

February 8, 2026 · View on GitHub

English | 中文

A security scanner for Agent Skills packages that detects prompt injection, data exfiltration, tool abuse, and other AI-specific threats.

License Python

Overview

Agent Skill Scanner is a specialized security tool designed to audit AI Agent Skill packages (OpenAI Codex, Cursor Agent Skills, and compatible formats). It performs static analysis to identify security risks before skills are deployed to production environments.

Key Features

  • Offline-First Design - Runs completely locally with no network dependencies
  • Cascade Scanning - Progressive analysis (quick → balanced → deep) that escalates based on findings
  • 80+ Security Patterns - Detects threats across 12+ categories aligned with AITech Taxonomy
  • Multiple Output Formats - Summary, JSON, Markdown, Table, and SARIF for CI/CD integration
  • Cross-Skill Analysis - Detects trigger hijacking and description overlap between skills
  • Extensible Architecture - Plugin-based analyzers with YARA rule support

Threat Categories

CategoryAITech CodeDescription
Prompt InjectionAITech-1.1Direct attempts to override system instructions
Indirect InjectionAITech-1.2Malicious instructions from external sources
Command InjectionAITech-9.1.4SQL injection, command execution, XSS
Data ExfiltrationAITech-8.2Unauthorized data exposure via tooling
Tool Chaining AbuseAITech-8.2.3Suspicious multi-step data extraction
Hardcoded SecretsAITech-8.2.1API keys, credentials in code
ObfuscationAITech-9.1.3Code obfuscation techniques
Resource AbuseAITech-13.1Fork bombs, infinite loops, DoS
Social EngineeringAITech-15.1Misleading metadata, brand impersonation
Trigger HijackingAITech-4.3.5Overly broad skill descriptions

Installation

Option 1: Run as a Skill (Embedded Mode)

The scanner includes its own Python runtime and requires no installation:

# Clone the repository
git clone https://github.com/yourusername/agent-scanner-skill.git
cd agent-scanner-skill

# Run directly using the wrapper script
./scripts/run-scan.sh scan /path/to/skill quick

Option 2: Install as Python Package

# Install from source
pip install -e .

# Or install from PyPI (when published)
pip install agent-scanner-skill

Quick Start

Scan a Single Skill

skill-scanner scan /path/to/skill

Scan Multiple Skills

skill-scanner scan-all /path/to/skills --recursive

Scan with Cascade Profiles

# Quick scan (auto-escalates on findings)
./scripts/run-scan.sh scan ./my-skill quick

# Balanced scan (includes quick + deeper analysis)
./scripts/run-scan.sh scan ./my-skill balanced

# Deep scan (maximum coverage)
./scripts/run-scan.sh scan ./my-skill deep-agent

# CI profile (SARIF + fail-on-findings)
./scripts/run-scan.sh scan-all ./skills ci --output results.sarif

Usage Examples

Basic Security Scan

skill-scanner scan ./my-skill --format summary

JSON Output for Automation

skill-scanner scan ./my-skill --format json --output report.json

SARIF for GitHub Code Scanning

skill-scanner scan-all ./skills --format sarif --output results.sarif

Enable Behavioral Analysis

skill-scanner scan ./my-skill --use-behavioral

Scan with Custom YARA Rules

skill-scanner scan ./my-skill --custom-rules ./my-rules/

CI/CD Integration

# Exit with error code if critical/high findings found
skill-scanner scan ./my-skill --fail-on-findings

CLI Reference

Commands

CommandDescription
scan <dir>Scan a single skill package
scan-all <dir>Scan all skills in a directory
list-analyzersList available analyzers
validate-rulesValidate rule signatures

Options

OptionDescription
--formatOutput format: summary, json, markdown, table, sarif
--output, -oWrite report to file
--detailedInclude detailed findings
--recursive, -rRecursively search for skills
--use-behavioralEnable behavioral dataflow analysis
--use-triggerEnable trigger specificity analysis
--yara-modeYARA mode: strict, balanced, permissive
--custom-rulesPath to custom YARA rules
--disable-ruleDisable specific rule (can be repeated)
--fail-on-findingsExit with error if critical/high findings
--check-overlapCheck for description overlap between skills

Output Formats

Summary

============================================================
Skill: my-skill
============================================================
Status: [FAIL] ISSUES FOUND
Max Severity: HIGH
Total Findings: 3
Scan Duration: 1.23s

Findings Summary:
  Critical: 1
  High:     1
  Medium:   1
  Low:      0
  Info:     0

JSON

{
  "skill_name": "my-skill",
  "is_safe": false,
  "max_severity": "HIGH",
  "findings": [...]
}

SARIF

Compatible with GitHub Advanced Security, Azure DevOps, and other SARIF-consuming tools.

Architecture

Analyzers

  1. StaticAnalyzer (default)

    • Pattern-based detection using YAML rules
    • YARA-compatible rule engine
    • 80+ security signatures
  2. BehavioralAnalyzer

    • Static dataflow analysis
    • AST-based taint tracking
    • Multi-file correlation
  3. TriggerAnalyzer

    • Description specificity analysis
    • Keyword baiting detection
    • Trigger hijacking risks

Project Structure

agent-scanner-skill/
├── skill_scanner/           # Core scanner code
│   ├── core/
│   │   ├── analyzers/       # Analysis engines
│   │   ├── models.py        # Data models
│   │   ├── scanner.py       # Main scanner
│   │   └── reporters/       # Output formatters
│   ├── data/
│   │   └── rules/           # Security signatures
│   ├── threats/             # Threat taxonomy
│   └── cli/                 # Command-line interface
├── scripts/                 # Utility scripts
├── vendor/                  # Python runtime
├── references/              # Documentation
└── agents/                  # Agent configurations

Contributing

Contributions are welcome! Please see our contributing guidelines for details.

Adding Custom Rules

Create YARA rule files in your custom rules directory:

# custom-rules/my-rule.yaml
- id: MY_CUSTOM_RULE
  category: command_injection
  severity: HIGH
  patterns:
    - "dangerous_pattern"
  file_types: [python, bash]
  description: "My custom security check"
  remediation: "How to fix this issue"

Development Setup

# Clone repository
git clone https://github.com/yourusername/agent-scanner-skill.git
cd agent-scanner-skill

# Create virtual environment
python -m venv .venv
source .venv/bin/activate

# Install in development mode
pip install -e .

# Run tests
pytest

Documentation

License

Copyright 2026 Cisco Systems, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

SPDX-License-Identifier: Apache-2.0

Security

For security vulnerabilities, please follow our security policy.

Acknowledgments

Built with AITech Taxonomy for standardized threat classification. Compatible with OpenAI Codex and Cursor Agent Skills formats.