{"id":50573365,"url":"https://github.com/appsechq/skill-scanner-test","last_synced_at":"2026-06-04T20:01:54.461Z","repository":{"id":335663079,"uuid":"1146283550","full_name":"AppSecHQ/skill-scanner-test","owner":"AppSecHQ","description":"Skill Scanner - An automated security scanning pipeline for AI agent SKILL.md and Agent plugins in popular public skills directories.","archived":false,"fork":false,"pushed_at":"2026-05-10T08:16:53.000Z","size":2085,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-10T10:24:52.907Z","etag":null,"topics":["appsec","security","security-tools","skills"],"latest_commit_sha":null,"homepage":"https://skillscan.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AppSecHQ.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-30T21:35:44.000Z","updated_at":"2026-05-10T08:16:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/AppSecHQ/skill-scanner-test","commit_stats":null,"previous_names":["appsechq/skill-scanner"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/AppSecHQ/skill-scanner-test","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppSecHQ%2Fskill-scanner-test","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppSecHQ%2Fskill-scanner-test/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppSecHQ%2Fskill-scanner-test/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppSecHQ%2Fskill-scanner-test/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AppSecHQ","download_url":"https://codeload.github.com/AppSecHQ/skill-scanner-test/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppSecHQ%2Fskill-scanner-test/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33917184,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-04T02:00:06.755Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","security","security-tools","skills"],"created_at":"2026-06-04T20:01:44.808Z","updated_at":"2026-06-04T20:01:54.433Z","avatar_url":"https://github.com/AppSecHQ.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Skill Scanner Test\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)\n[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)\n[![Skills Scanned](https://img.shields.io/badge/skills%20scanned-616-orange.svg)](https://skillscan.io)\n[![Website](https://img.shields.io/badge/site-skillscan.io-blue)](https://skillscan.io)\n\nAn automated security scanning pipeline for AI agent skills and plugins in public skill directories.\n\nAI agent skills -- installable packages that extend what coding assistants and AI agents can do -- are a growing attack surface. Skills can contain prompt injection, data exfiltration, command injection, and other vulnerabilities, whether introduced intentionally or by accident. This project systematically scans public skills using Cisco's open-source [skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) and publishes the results.\n\n## Status\n\nThis is early-stage and evolving. The current implementation:\n\n- **Scanner:** [Cisco AI Defense skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) (static + behavioral + trigger + LLM + meta-analysis)\n- **Skill registries:** [skills.sh](https://skills.sh/) and [clawhub.ai](https://clawhub.ai/)\n- **Coverage:** 614 skills scanned so far\n- **Test suite:** 77 tests passing\n\nThis could be expanded along both axes -- adding more scanners and targeting more skill directories.\n\n\u003c!-- BEGIN SCAN RESULTS --\u003e\n## Scan Results\n\n| Metric | Count |\n|--------|-------|\n| Total Skills Scanned | 650 |\n| Safe Skills | 508 (78%) |\n| Skills with Issues | 142 (22%) |\n| Total Findings | 1381 |\n\n| Severity | Count |\n|----------|-------|\n| CRITICAL | 209 |\n| HIGH | 251 |\n| MEDIUM | 714 |\n| LOW | 180 |\n\n| Category | Count |\n|----------|-------|\n| data_exfiltration | 423 |\n| command_injection | 211 |\n| social_engineering | 168 |\n| transitive_trust_abuse | 151 |\n| unauthorized_tool_use | 133 |\n| policy_violation | 91 |\n| resource_abuse | 88 |\n| prompt_injection | 53 |\n| tool_chaining_abuse | 30 |\n| hardcoded_secrets | 23 |\n| skill_discovery_abuse | 6 |\n| obfuscation | 3 |\n| autonomy_abuse | 1 |\n\n- These results are visualized at [skillscan.appsechq.com](https://skillscan.appsechq.com/). See [summary-report.md](results/summary-report.md) for detailed findings by skill, severity breakdowns, and top risks. Per-skill scan results (JSON + Markdown) are in the [`results/`](results/) directory.\n\u003c!-- END SCAN RESULTS --\u003e\n\n## Getting Started\n\nRequires Python 3.10+ and Git.\n\n```bash\ngit clone https://github.com/AppSecHQ/skill-scanner-test.git\ncd skill-scanner-test\npython -m venv .venv\nsource .venv/bin/activate\npip install -r scripts/requirements.txt\n```\n\nIf you're in a container or environment where you don't need a venv, you can skip the venv steps and install directly with `pip install -r scripts/requirements.txt --break-system-packages`.\n\n### Scan top skills from a registry\n\n```bash\n# Scan top 25 skills from skills.sh (default)\npython scripts/scan-skills.py -n 25\n\n# Scan top 10 from clawhub.ai\npython scripts/scan-skills.py --source clawhub -n 10\n\n# Scan skills 11-25 (pagination)\npython scripts/scan-skills.py -n 15 --offset 10\n\n# Enable LLM semantic analysis (requires SKILL_SCANNER_LLM_API_KEY)\npython scripts/scan-skills.py -n 25 --use-llm\n\n# Enable LLM + meta-analysis for false positive filtering\npython scripts/scan-skills.py -n 25 --use-llm --enable-meta\n```\n\n### Scan a specific repo\n\n```bash\n# Scan a single GitHub repo\npython scripts/scan-skills.py --repo owner/repo --repo-only\n\n# Scan a repo alongside top skills\npython scripts/scan-skills.py -n 10 --repo owner/repo\n```\n\n### Other options\n\n```bash\n# List skills without scanning\npython scripts/scan-skills.py --list-only -n 25\n\n# Generate report from existing results (skip fetch + scan)\npython scripts/scan-skills.py --skip-scan -o results\n\n# Custom report name\npython scripts/scan-skills.py -n 25 --report-name top-25\n\n# Verbose logging\npython scripts/scan-skills.py -n 10 -v\n```\n\nRun `python scripts/scan-skills.py --help` for the full set of options.\n\n### Running tests\n\n```bash\npython -m pytest tests/ -v\n```\n\n## Project Structure\n\n```\nscripts/\n  scan-skills.py          # Main orchestrator and CLI\n  fetch_skills.py         # API fetching from skills.sh and clawhub.ai\n  run_scans.py            # Clone, download, and scan logic\n  generate_report.py      # Aggregate results into markdown/JSON reports\n  pipeline_utils.py       # Shared utilities: logging, HTTP session management\n  requirements.txt        # Dependencies\n\ntests/                    # 77 tests across 4 modules\n  conftest.py             # Shared fixtures\n  test_run_scans.py       # Clone, download, scan, ZIP security tests\n  test_generate_report.py # Report aggregation tests\n  test_fetch_skills.py    # API fetching tests\n  test_pipeline_utils.py  # Session management and retry tests\n\nresults/\n  summary-report.md       # Consolidated findings across all skills\n  \u003cskill-name\u003e-scan.json  # Raw scan output per skill\n  \u003cskill-name\u003e-scan.md    # Readable scan report per skill\n```\n\nCloned skill repositories are kept in `skills/` locally but excluded from version control via `.gitignore`.\n\n## Known Limitations\n\n- No runtime verification -- analysis is static and semantic only\n- LLM and meta-analysis require an API key (`SKILL_SCANNER_LLM_API_KEY`); without one, scans fall back to static/behavioral/trigger only\n- Limited to skills with public source repos\n- Scanner coverage depends on the rule sets of the underlying tools\n\n## Links\n\n- [skillscan.io](https://skillscan.io/) -- interactive dashboard of scan results\n- [Cisco AI Defense skill-scanner](https://github.com/cisco-ai-defense/skill-scanner)\n- [skills.sh](https://skills.sh/)\n- [clawhub.ai](https://clawhub.ai/)\n- [Agent Skills in the Wild: An Empirical Study of Security Vulnerabilities at Scale](https://arxiv.org/abs/2601.10338) -- large-scale security analysis of 31k+ skills from skills.rest and skillsmp.com\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsechq%2Fskill-scanner-test","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappsechq%2Fskill-scanner-test","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappsechq%2Fskill-scanner-test/lists"}