Security scanner that detects hardcoded secrets, command injection, and path traversal vulnerabilities in Claude SKILL.md files before production deployment.
git clone https://github.com/agentigy/skillcheck.git
SkillCheck is a security scanner purpose-built for Claude SKILL.md files. It detects five categories of vulnerabilities: hardcoded secrets, command injection, privilege escalation, path traversal, and information disclosure. Context-aware analysis reduces false positives. The tool runs locally via the CLI or integrates into CI/CD pipelines, producing either color-coded console reports or SARIF output for GitHub Security. Development teams use SkillCheck to find and remediate security issues before skills reach production.
Install via npm install @agentigy/skillcheck, then run npx skillcheck <file-or-directory> to scan. Use --fail-on HIGH to fail CI on high-severity issues, or --format sarif to generate GitHub-compatible security reports.
Scanning skill repositories for hardcoded API keys and credentials before deployment
Detecting unsafe shell command execution patterns in skill code blocks
Identifying path traversal vulnerabilities in file operation logic
Integrating security checks into CI/CD pipelines via SARIF GitHub upload
git clone https://github.com/agentigy/skillcheck
Copy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Scan the following SKILL.md file for security vulnerabilities. Look for issues like hardcoded credentials, sensitive data exposure, or insecure configurations. Here is the file content: [FILE_CONTENT]. Provide a detailed report with findings and recommendations.
# Security Scan Report

## Findings

- **Hardcoded Credentials**: Detected in the 'authentication' section. Line 45 contains a plaintext API key.
- **Sensitive Data Exposure**: User email addresses are stored in plaintext in the 'user_data' section.
- **Insecure Configuration**: The 'database' section uses default credentials for the admin account.

## Recommendations

- **Hardcoded Credentials**: Replace with environment variables or a secure secrets manager.
- **Sensitive Data Exposure**: Implement encryption for user data.
- **Insecure Configuration**: Change default credentials and enforce strong password policies.