{"id":47187518,"url":"https://github.com/qualixar/skillfortify","last_synced_at":"2026-03-27T15:00:34.698Z","repository":{"id":340818478,"uuid":"1167593455","full_name":"qualixar/skillfortify","owner":"qualixar","description":"First formal security scanner for AI agent skills \u0026 plugins. Static analysis, supply chain verification, SBOM generation. 22 frameworks supported including MCP, LangChain, CrewAI.","archived":false,"fork":false,"pushed_at":"2026-03-06T17:10:57.000Z","size":646,"stargazers_count":5,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-06T20:49:17.701Z","etag":null,"topics":["agent-skills","ai-agents","cyclonedx","formal-methods","mcp","sbom","security","static-analysis","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://pypi.org/project/skillfortify/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qualixar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-26T13:19:33.000Z","updated_at":"2026-03-06T17:25:33.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/qualixar/skillfortify","commit_stats":null,"previous_names":["varun369/skillfortify"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qualixar/skillfortify","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualixar%2Fskillfortify","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualixar%2Fskillfortify/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualixar%2Fskillfortify/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualixar%2Fskillfortify/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qualixar","download_url":"https://codeload.github.com/qualixar/skillfortify/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qualixar%2Fskillfortify/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31048255,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-27T09:35:52.079Z","status":"ssl_error","status_checked_at":"2026-03-27T09:35:20.916Z","response_time":164,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-skills","ai-agents","cyclonedx","formal-methods","mcp","sbom","security","static-analysis","supply-chain-security"],"created_at":"2026-03-13T10:00:37.740Z","updated_at":"2026-03-27T15:00:34.690Z","avatar_url":"https://github.com/qualixar.png","language":"Python","funding_links":[],"categories":["[▲](#keywords) Code"],"sub_categories":[],"readme":"# SkillFortify\n\n\u003e Supply chain security scanner for AI agent skills -- supports 22 frameworks.\n\n[![PyPI version](https://img.shields.io/pypi/v/skillfortify.svg)](https://pypi.org/project/skillfortify/)\n[![Tests](https://img.shields.io/github/actions/workflow/status/qualixar/skillfortify/ci.yml?label=tests)](https://github.com/qualixar/skillfortify/actions)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Python 3.11+](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://www.python.org/downloads/)\n\n**[Website](https://www.superlocalmemory.com/skillfortify)** | **[PyPI](https://pypi.org/project/skillfortify/)** | **[Paper (arXiv)](https://arxiv.org/abs/2603.00195)** | **[Wiki](https://github.com/qualixar/skillfortify/wiki)**\n\n---\n\n## One Command. Every Framework.\n\n```bash\npip install skillfortify\nskillfortify scan                # Auto-discovers all AI tools on your system\nskillfortify scan ./my-project   # Scan a specific project\nskillfortify dashboard           # Generate HTML security report\n```\n\nSkillFortify formally analyzes agent skill safety using sound static analysis. If SkillFortify reports no violations, the capability bounds in the formal model are assured. Unlike heuristic scanners where absence of findings does not mean absence of risk, SkillFortify provides mathematically grounded security guarantees.\n\n---\n\n## Supported Frameworks (22)\n\n| # | Framework | Detection |\n|---|-----------|-----------|\n| 1 | **Claude Code Skills** | `.claude/` directory |\n| 2 | **MCP Servers** | `mcp.json`, `mcp_config.json`, deep server scan |\n| 3 | **OpenClaw Skills** | `.claw/` directory |\n| 4 | **LangChain Tools** | `langchain` imports, `BaseTool`, `@tool` |\n| 5 | **CrewAI Tools** | `crew.yaml`, `crewai` imports |\n| 6 | **AutoGen Tools** | `autogen` imports, `register_for_llm` |\n| 7 | **OpenAI Agents SDK** | `openai-agents` configurations |\n| 8 | **Google ADK** | `google-adk` configurations |\n| 9 | **Dify** | Dify workflow and plugin definitions |\n| 10 | **Composio** | Composio tool integrations |\n| 11 | **Semantic Kernel** | Microsoft Semantic Kernel plugins |\n| 12 | **LlamaIndex** | LlamaIndex tool abstractions |\n| 13 | **n8n** | n8n workflow node definitions |\n| 14 | **Flowise** | Flowise chatflow configurations |\n| 15 | **Mastra** | Mastra agent tool definitions |\n| 16 | **PydanticAI** | PydanticAI tool decorators |\n| 17 | **Agno** | Agno agent configurations |\n| 18 | **CAMEL-AI** | CAMEL-AI tool integrations |\n| 19 | **MetaGPT** | MetaGPT action and tool definitions |\n| 20 | **Haystack** | Haystack component definitions |\n| 21 | **Anthropic Agent SDK** | Anthropic agent tool configurations |\n| 22 | **Custom Skills** | User-defined skill manifests (YAML/JSON) |\n\nAll frameworks are parsed into a unified representation for consistent analysis, trust scoring, and SBOM generation.\n\n---\n\n## Quick Start\n\n### Install\n\n```bash\npip install skillfortify                 # Core scanner\npip install skillfortify[registry]       # + marketplace scanning\npip install skillfortify[all]            # Everything\n```\n\n### System-Wide Scan\n\nRun `skillfortify scan` with no arguments to automatically discover every AI agent tool installed on your system -- Claude Code, Cursor, VS Code extensions, Windsurf, and more:\n\n```bash\nskillfortify scan\n```\n\n```\nDiscovering AI tools on this system...\n  Found: Claude Code skills       (12 skills in ~/.claude/skills/)\n  Found: MCP servers              (8 servers in ~/.cursor/mcp.json)\n  Found: VS Code MCP configs      (3 servers in ~/.vscode/mcp.json)\n  Found: Windsurf MCP configs     (2 servers)\n\nScanning 25 skills across 4 locations...\n\n+----------------------+--------+-----------+----------+--------------+\n|       Skill          | Source |  Status   | Findings | Max Severity |\n+----------------------+--------+-----------+----------+--------------+\n| deploy-automation    | Claude |   SAFE    |        0 | -            |\n| data-export          | Claude |  UNSAFE   |        2 | HIGH         |\n| postgres-server      | MCP    |   SAFE    |        0 | -            |\n| file-manager         | MCP    |  WARNING  |        1 | MEDIUM       |\n+----------------------+--------+-----------+----------+--------------+\n25 skills scanned | 22 safe | 2 unsafe | 1 warning | 5 total findings\n```\n\n### Project Scan\n\n```bash\nskillfortify scan ./my-agent-project\nskillfortify scan ./my-agent-project --format json\nskillfortify scan ./my-agent-project --severity-threshold high\n```\n\n### HTML Dashboard\n\nGenerate a standalone HTML security report with interactive filtering, a capabilities matrix, and severity breakdown:\n\n```bash\nskillfortify dashboard\nskillfortify dashboard --output security-report.html\n```\n\nOpen the generated file in any browser -- no server or dependencies required.\n\n---\n\n## Features\n\n- **Formal threat model (DY-Skill)** -- mathematically grounded attack taxonomy for the agent skill supply chain\n- **Sound static analysis** -- formal capability verification, not heuristic pattern matching\n- **Capability-based access control** -- POLA compliance checks for every skill\n- **Agent Dependency Graph** -- constraint-based resolution with conflict detection\n- **Lockfile generation** -- deterministic `skill-lock.json` for reproducible agent configurations\n- **Trust score algebra** -- multi-signal trust with propagation through dependency chains\n- **ASBOM generation** -- CycloneDX 1.6 Agent Skill Bill of Materials for compliance reporting\n- **Registry scanning** -- scan MCP registries, PyPI, and npm for known vulnerabilities\n- **HTML dashboard** -- standalone interactive security report\n- **System auto-discovery** -- finds every AI tool on your machine automatically\n- **22 framework support** -- broadest coverage of any agent security scanner\n\n---\n\n## CLI Commands\n\n| Command | Description |\n|---------|-------------|\n| `skillfortify scan [path]` | Discover and analyze skills. No path = system-wide scan |\n| `skillfortify verify \u003cskill\u003e` | Deep formal verification of a single skill file |\n| `skillfortify lock \u003cpath\u003e` | Generate deterministic `skill-lock.json` lockfile |\n| `skillfortify trust \u003cskill\u003e` | Compute multi-signal trust score with graduated levels |\n| `skillfortify sbom \u003cpath\u003e` | Generate CycloneDX 1.6 ASBOM for compliance |\n| `skillfortify frameworks` | List all 22 supported frameworks and detection methods |\n| `skillfortify dashboard` | Generate standalone HTML security report |\n| `skillfortify registry-scan \u003csource\u003e` | Scan MCP, PyPI, or npm registries for threats |\n\n### Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| `0` | All checks passed |\n| `1` | Security findings detected |\n| `2` | No skills found or parse error |\n\n---\n\n## Benchmark Results\n\nEvaluated on SkillFortifyBench -- 540 agent skills (clean and malicious samples from documented real-world incidents):\n\n| Metric | Value |\n|--------|-------|\n| Precision | **100%** (zero false positives) |\n| Recall | 94.12% |\n| F1 Score | **96.95%** |\n| Average scan time | 2.55 ms per skill |\n\n---\n\n## Trust Levels\n\nGraduated trust levels inspired by the SLSA framework:\n\n| Level | Threshold | Meaning |\n|-------|-----------|---------|\n| **FORMALLY_VERIFIED** | \u003e= 0.75 | Highest assurance. Formal analysis passed, strong provenance |\n| **COMMUNITY_VERIFIED** | \u003e= 0.50 | Community reviewed, usage history, behavioral checks passed |\n| **SIGNED** | \u003e= 0.25 | Basic provenance. Author signed, limited verification |\n| **UNSIGNED** | \u003c 0.25 | No verification. Treat with extreme caution |\n\n---\n\n## CI/CD Integration\n\n### GitHub Actions\n\n```yaml\nname: Skill Security Scan\non: [push, pull_request]\n\njobs:\n  skillfortify-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: \"3.11\"\n      - run: pip install skillfortify\n      - run: skillfortify scan . --format json\n      - run: skillfortify lock . --output /tmp/fresh-lock.json\n```\n\n---\n\n## Requirements\n\n- Python 3.11 or later\n- No external services required -- runs entirely offline\n- Works on Linux, macOS, and Windows\n\n---\n\n## Academic Paper\n\n**\"Formal Analysis and Supply Chain Security for Agentic AI Skills\"**\n\nBacked by peer-reviewed research with five formal theorems and full proofs, formalizing the agent skill supply chain threat model, capability verification, trust algebra, and dependency resolution.\n\n**[Read the paper on arXiv](https://arxiv.org/abs/2603.00195)** | **[Zenodo](https://doi.org/10.5281/zenodo.18787663)** | DOI: 10.5281/zenodo.18787663\n\n---\n\n## Contributing\n\nContributions welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) for setup instructions, coding standards, and submission guidelines.\n\n---\n\n## Author\n\n**Varun Pratap Bhardwaj** -- Solution Architect with 15+ years in enterprise technology. Dual qualifications in technology and law (LL.B.), with a focus on formal methods for AI safety.\n\n- **ORCID:** [0009-0002-8726-4289](https://orcid.org/0009-0002-8726-4289)\n- **Contact:** varun.pratap.bhardwaj@gmail.com\n\n---\n\n## License\n\nMIT License. See [LICENSE](LICENSE) for details.\n\n---\n\n## Citation\n\n```bibtex\n@article{bhardwaj2026skillfortify,\n  author    = {Bhardwaj, Varun Pratap},\n  title     = {Formal Analysis and Supply Chain Security for Agentic AI Skills},\n  journal   = {arXiv preprint arXiv:2603.00195},\n  year      = {2026},\n  doi       = {10.5281/zenodo.18787663},\n  url       = {https://arxiv.org/abs/2603.00195}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqualixar%2Fskillfortify","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqualixar%2Fskillfortify","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqualixar%2Fskillfortify/lists"}