[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74179":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},74179,"skill-scanner","cisco-ai-defense\u002Fskill-scanner","cisco-ai-defense","Security Scanner for Agent Skills","https:\u002F\u002Fcisco-ai-defense.github.io\u002Fdocs\u002Fskill-scanner",null,"Python",2165,261,11,7,0,29,70,201,87,29.25,"Other",false,"main",true,[27,28,29],"agent","agent-skills","security","2026-06-12 02:03:23","# Skill Scanner\n\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-blue.svg)](https:\u002F\u002Fopensource.org\u002Flicenses\u002FApache-2.0)\n[![Python 3.10+](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fpython-3.10+-blue.svg)](https:\u002F\u002Fwww.python.org\u002Fdownloads\u002F)\n[![PyPI 
version](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fcisco-ai-skill-scanner.svg)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fcisco-ai-skill-scanner\u002F)\n[![CI](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fskill-scanner\u002Factions\u002Fworkflows\u002Fpython-tests.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fskill-scanner\u002Factions\u002Fworkflows\u002Fpython-tests.yml)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join%20Us-7289da?logo=discord&logoColor=white)](https:\u002F\u002Fdiscord.com\u002Finvite\u002FnKWtDcXxtx)\n[![Cisco AI Defense](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCisco-AI%20Defense-049fd9?logo=cisco&logoColor=white)](https:\u002F\u002Fwww.cisco.com\u002Fsite\u002Fus\u002Fen\u002Fproducts\u002Fsecurity\u002Fai-defense\u002Findex.html)\n[![AI Security Framework](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI%20Security-Framework-orange)](https:\u002F\u002Flearn-cloudsecurity.cisco.com\u002Fai-security-framework)\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002Fcisco-ai-defense\u002Fskill-scanner)\n\nA best-effort security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines **pattern-based detection** (YAML + YARA), **LLM-as-a-judge**, and **behavioral dataflow analysis** to maximize detection coverage of probable threats while minimizing false positives.\n\n> **Important:** This scanner provides best-effort detection, not comprehensive or complete coverage. A scan that returns no findings does not guarantee that a skill is free of all threats. 
See [Scope and Limitations](#scope-and-limitations) below.\n\nSupports [OpenAI Codex Skills](https:\u002F\u002Fopenai.github.io\u002Fcodex\u002F) and [Cursor Agent Skills](https:\u002F\u002Fdocs.cursor.com\u002Fcontext\u002Frules) formats following the [Agent Skills specification](https:\u002F\u002Fagentskills.io). With `--lenient`, also scans non-standard formats such as Claude Code `.claude\u002Fcommands\u002F*.md` and flat markdown skill repos.\n\n---\n\n## Highlights\n\n- **Multi-Engine Detection** - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning for layered, best-effort coverage\n- **False Positive Filtering** - Meta-analyzer significantly reduces noise while preserving detection capability\n- **CI\u002FCD Ready** - SARIF output for GitHub Code Scanning, [reusable GitHub Actions workflow](docs\u002Fgithub-actions.md), exit codes for build failures\n- **Pre-commit Hook** - [Standard pre-commit framework](https:\u002F\u002Fpre-commit.com\u002F) integration to scan skills before every commit\n- **Extensible** - Plugin architecture for custom analyzers\n\n**[Join the Cisco AI Discord](https:\u002F\u002Fdiscord.com\u002Finvite\u002FnKWtDcXxtx)** to discuss, share feedback, or connect with the team.\n\n---\n\n## Scope and Limitations\n\nSkill Scanner is a detection tool. It identifies known and probable risk patterns, but it does not certify security.\n\n**Key limitations:**\n\n- **No findings ≠ no risk.** A scan that returns \"No findings\" indicates that no known threat patterns were detected. It does not guarantee that a skill is secure, benign, or free of vulnerabilities.\n- **Coverage is inherently incomplete.** The scanner combines signature-based detection, LLM-based semantic analysis, behavioral dataflow analysis, optional cloud services, and configurable rule packs. 
While this approach improves coverage, no automated tool can detect every technique, especially novel or zero-day attacks.\n- **False positives and false negatives can occur.** Consensus modes and meta-analysis reduce noise, but no configuration eliminates all incorrect classifications. Tune the [scan policy](docs\u002Fuser-guide\u002Fcustom-policy-configuration.md) to your risk tolerance.\n- **Human review remains essential.** Automated scanning is one component of a defense-in-depth strategy. High-risk or production deployments should pair scanner results with manual code review and\u002For threat modeling.\n\n---\n\n## Documentation\n\n| Guide | Description |\n|-------|-------------|\n| [Quick Start](docs\u002Fgetting-started\u002Fquick-start.md) | Get started in 5 minutes |\n| [Architecture](docs\u002Farchitecture\u002Findex.md) | System design and components |\n| [Threat Taxonomy](docs\u002Farchitecture\u002Fthreat-taxonomy.md) | Complete AITech threat taxonomy with examples |\n| [LLM Analyzer](docs\u002Farchitecture\u002Fanalyzers\u002Fllm-analyzer.md) | LLM configuration and usage |\n| [Meta-Analyzer](docs\u002Farchitecture\u002Fanalyzers\u002Fmeta-analyzer.md) | False positive filtering and prioritization |\n| [Behavioral Analyzer](docs\u002Farchitecture\u002Fanalyzers\u002Fbehavioral-analyzer.md) | Dataflow analysis details |\n| [Scan Policy](docs\u002Fuser-guide\u002Fcustom-policy-configuration.md) | Custom policies, presets, and tuning guide |\n| [Policy Quick Reference](docs\u002Freference\u002Fpolicy-quick-reference.md) | Compact reference for policy sections and knobs |\n| [Rule Authoring](docs\u002Farchitecture\u002Fanalyzers\u002Fwriting-custom-rules.md) | How to add signature, YARA, and Python rules |\n| [GitHub Actions](docs\u002Fgithub-actions.md) | Reusable workflow for CI\u002FCD integration |\n| [API Reference](docs\u002Fuser-guide\u002Fapi-server.md) | REST API documentation |\n| [Development 
Guide](docs\u002Fdevelopment\u002Fsetup-and-testing.md) | Contributing and development setup |\n\n---\n\n## Installation\n\n**Prerequisites:** Python 3.10+ and [uv](https:\u002F\u002Fdocs.astral.sh\u002Fuv\u002F) (recommended) or pip\n\n```bash\n# Using uv (recommended)\nuv pip install cisco-ai-skill-scanner\n\n# Using pip\npip install cisco-ai-skill-scanner\n```\n\n\u003Cdetails>\n\u003Csummary>\u003Cstrong>Cloud Provider Extras\u003C\u002Fstrong>\u003C\u002Fsummary>\n\n```bash\n# AWS Bedrock support\npip install cisco-ai-skill-scanner[bedrock]\n\n# Google AI Studio \u002F Gemini support\npip install cisco-ai-skill-scanner[google]\n\n# Google Vertex AI support\npip install cisco-ai-skill-scanner[vertex]\n\n# Azure OpenAI support\npip install cisco-ai-skill-scanner[azure]\n\n# All cloud providers\npip install cisco-ai-skill-scanner[all]\n```\n\n\u003C\u002Fdetails>\n\n---\n\n## Quick Start\n\n### Environment Setup (Optional)\n\n```bash\n# For LLM analyzer and Meta-analyzer\nexport SKILL_SCANNER_LLM_API_KEY=\"your_api_key\"\nexport SKILL_SCANNER_LLM_MODEL=\"claude-3-5-sonnet-20241022\"\n\n# For VirusTotal binary scanning\nexport VIRUSTOTAL_API_KEY=\"your_virustotal_api_key\"\n\n# For Cisco AI Defense\nexport AI_DEFENSE_API_KEY=\"your_aidefense_api_key\"\n```\n\n### Interactive Wizard\n\nNot sure which flags to use? Run `skill-scanner` with no arguments to launch the interactive wizard:\n\n```bash\nskill-scanner\n```\n\nThe wizard walks you through selecting a scan target, analyzers, policy, and output format, then shows the assembled command before running it. 
Great for learning the CLI.\n\n### CLI Usage\n\n```bash\n# Scan a single skill (core analyzers: static + bytecode + pipeline)\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill\n\n# Scan with behavioral analyzer (dataflow analysis)\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-behavioral\n\n# Scan with all engines\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-behavioral --use-llm --use-aidefense\n\n# Scan with meta-analyzer for false positive filtering\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-llm --enable-meta\n\n# Scan with trigger analyzer for vague description checks\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-trigger\n\n# Run LLM analyzer multiple times and keep majority-agreed findings\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-llm --llm-consensus-runs 3\n\n# Scan multiple skills recursively\nskill-scanner scan-all \u002Fpath\u002Fto\u002Fskills --recursive --use-behavioral\n\n# Scan multiple skills with cross-skill overlap detection\nskill-scanner scan-all \u002Fpath\u002Fto\u002Fskills --recursive --check-overlap\n\n# Lenient mode: tolerate malformed skills instead of failing\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --lenient\nskill-scanner scan-all \u002Fpath\u002Fto\u002Fskills --recursive --lenient\n\n# Lenient mode with non-standard skill formats (no SKILL.md required)\nskill-scanner scan .claude\u002Fcommands\u002Fdeploy --lenient\nskill-scanner scan-all .claude\u002Fcommands --recursive --lenient\n\n# Use a custom metadata filename instead of SKILL.md\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --skill-file README.md\n\n# CI\u002FCD: Fail build if threats found\nskill-scanner scan-all .\u002Fskills --fail-on-severity high --format sarif --output results.sarif\n\n# Generate interactive HTML report with attack correlation groups\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-llm --enable-meta --format html --output report.html\n\n# Use custom YARA rules\nskill-scanner scan 
\u002Fpath\u002Fto\u002Fskill --custom-rules \u002Fpath\u002Fto\u002Fmy-rules\u002F\n\n# Use custom taxonomy + threat mapping profiles (JSON\u002FYAML)\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --taxonomy \u002Fpath\u002Fto\u002Ftaxonomy.json --threat-mapping \u002Fpath\u002Fto\u002Fthreat_mapping.json\n\n# VirusTotal hash scan with optional unknown-file uploads\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --use-virustotal --vt-upload-files\n\n# Use a scan policy preset (strict, balanced, permissive)\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --policy strict\n\n# Use a custom org policy file\nskill-scanner scan \u002Fpath\u002Fto\u002Fskill --policy my_org_policy.yaml\n\n# Generate a policy file to customise\nskill-scanner generate-policy -o my_org_policy.yaml\n\n# Interactive policy configurator (TUI)\nskill-scanner configure-policy\n```\n\n**LLM provider note:** `--llm-provider` currently accepts `anthropic` or `openai`.\nFor Bedrock, Vertex, Azure, Gemini, and other LiteLLM backends, set provider-specific model strings and environment variables (see [LLM Analyzer docs](docs\u002Farchitecture\u002Fanalyzers\u002Fllm-analyzer.md)).\n\n### Python SDK\n\n```python\nfrom skill_scanner import SkillScanner\nfrom skill_scanner.core.analyzers import BehavioralAnalyzer\n\n# Create scanner with analyzers\nscanner = SkillScanner(analyzers=[\n    BehavioralAnalyzer(),\n])\n\n# Scan a skill\nresult = scanner.scan_skill(\"\u002Fpath\u002Fto\u002Fskill\")\n\nprint(f\"Findings: {len(result.findings)}\")\nprint(f\"Max severity: {result.max_severity}\")\n\n# Note: is_safe indicates no HIGH\u002FCRITICAL findings were detected.\n# It does not guarantee the skill is free of all risk.\nif not result.is_safe:\n    print(\"Issues detected -- review findings before deployment\")\n```\n\n---\n\n## Security Analyzers\n\n| Analyzer | Detection Method | Scope | Requirements |\n|----------|------------------|-------|--------------|\n| **Static** | YAML + YARA patterns | 
All files | None |\n| **Bytecode** | .pyc integrity verification | Python bytecode | None |\n| **Pipeline** | Command taint analysis | Shell pipelines | None |\n| **Behavioral** | AST dataflow analysis | Python files | None |\n| **LLM** | Semantic analysis | SKILL.md + scripts | API key |\n| **Meta** | False positive filtering | All findings | API key |\n| **VirusTotal** | Hash-based malware | Binary files | API key |\n| **AI Defense** | Cloud-based AI | Text content | API key |\n\n---\n\n## CLI Options\n\n| Option | Description |\n|--------|-------------|\n| `--policy` | Scan policy: preset name (`strict`, `balanced`, `permissive`) or path to custom YAML |\n| `--use-behavioral` | Enable behavioral analyzer (dataflow analysis) |\n| `--use-llm` | Enable LLM analyzer (requires API key) |\n| `--llm-provider` | LLM provider for CLI routing: `anthropic` or `openai` |\n| `--llm-consensus-runs N` | Run LLM analysis `N` times and keep majority-agreed findings |\n| `--llm-max-tokens N` | Maximum output tokens for LLM responses (default: 8192) |\n| `--use-virustotal` | Enable VirusTotal binary scanner |\n| `--vt-api-key KEY` | Provide VirusTotal API key directly (optional) |\n| `--vt-upload-files` | Upload unknown binaries to VirusTotal (optional) |\n| `--use-aidefense` | Enable Cisco AI Defense analyzer |\n| `--aidefense-api-url URL` | Override AI Defense API URL (optional) |\n| `--use-trigger` | Enable trigger specificity analyzer |\n| `--enable-meta` | Enable meta-analyzer for false positive filtering |\n| `--verbose` | Include per-finding policy fingerprints, co-occurrence metadata, and keep meta-analyzer false positives |\n| `--format` | Output: `summary`, `json`, `markdown`, `table`, `sarif`, `html`. 
The `html` format produces a self-contained interactive report with collapsible correlation groups, expandable code snippets, and pipeline taint flow diagrams |\n| `--detailed` | Include detailed findings in Markdown output |\n| `--compact` | Compact JSON output |\n| `--output PATH` | Default output file path (overridden by `--output-\u003Cfmt>`) |\n| `--fail-on-findings` | Exit with error if HIGH\u002FCRITICAL found (shorthand for `--fail-on-severity high`) |\n| `--fail-on-severity LEVEL` | Exit with error if findings at or above LEVEL exist (critical, high, medium, low, info) |\n| `--custom-rules PATH` | Use custom YARA rules from directory |\n| `--taxonomy PATH` | Load custom taxonomy profile (JSON\u002FYAML) for this run |\n| `--threat-mapping PATH` | Load custom scanner threat mapping profile (JSON) for this run |\n| `--lenient` | Tolerate malformed skills (coerce bad fields, fill defaults) instead of failing. When `SKILL.md` is absent, falls back to scanning `.md` files in the directory |\n| `--skill-file FILENAME` | Custom metadata filename to use instead of `SKILL.md` (e.g. 
`README.md`) |\n| `--check-overlap` | (`scan-all`) Enable cross-skill description overlap checks |\n\n| Command | Description |\n|---------|-------------|\n| *(no command)* | Launch interactive scan wizard (when run in a terminal) |\n| `interactive` | Launch interactive scan wizard (explicit) |\n| `scan` | Scan a single skill directory |\n| `scan-all` | Scan multiple skills (with `--recursive`, `--check-overlap`) |\n| `generate-policy` | Generate a scan policy YAML for customisation |\n| `configure-policy` | Interactive TUI to build\u002Fedit a custom scan policy (`--input` supported) |\n| `list-analyzers` | Show available analyzers |\n| `validate-rules` | Validate rule signatures (`--rules-file` supported) |\n\n---\n\n## Example Output\n\n```\n$ skill-scanner scan .\u002Fmy-skill --use-behavioral\n\n============================================================\nSkill: my-skill\n============================================================\nStatus: [OK] No findings\nMax Severity: NONE\nTotal Findings: 0\nScan Duration: 0.15s\n```\n\n> **Note:** \"No findings\" means the scanner did not detect any known threat patterns -- it is not a guarantee that the skill is free of all risk. See [Scope and Limitations](#scope-and-limitations).\n\n---\n\n## GitHub Actions\n\nScan skills automatically on every push or PR using the [reusable workflow](docs\u002Fgithub-actions.md):\n\n```yaml\n# .github\u002Fworkflows\u002Fscan-skills.yml\nname: Scan Skills\non:\n  pull_request:\n    paths: [\".cursor\u002Fskills\u002F**\"]\njobs:\n  scan:\n    uses: cisco-ai-defense\u002Fskill-scanner\u002F.github\u002Fworkflows\u002Fscan-skills.yml@main\n    with:\n      skill_path: .cursor\u002Fskills\n    permissions:\n      security-events: write\n      contents: read\n```\n\nResults appear as inline annotations in PRs via GitHub Code Scanning. 
See the [full guide](docs\u002Fgithub-actions.md) for LLM integration, secret configuration, and branch protection setup.\n\n---\n\n## Pre-commit Hook\n\nScan skills before every commit using the [pre-commit](https:\u002F\u002Fpre-commit.com\u002F) framework:\n\n```yaml\n# .pre-commit-config.yaml\nrepos:\n  - repo: https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fskill-scanner\n    rev: v1.0.0  # use the latest release tag\n    hooks:\n      - id: skill-scanner\n```\n\nOr install the built-in hook directly:\n\n```bash\nskill-scanner-pre-commit install\n```\n\nThe hook automatically detects which skill directories have staged changes and only scans those, keeping commit times fast. Use `--all` to scan everything.\n\n---\n\n## Contributing\n\nWe welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## License\n\nApache 2.0 - See [LICENSE](LICENSE) for details.\n\nCopyright 2026 Cisco Systems, Inc. and its affiliates\n\n---\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fskill-scanner\">GitHub\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fdiscord.com\u002Finvite\u002FnKWtDcXxtx\">Discord\u003C\u002Fa> •\n  \u003Ca href=\"https:\u002F\u002Fpypi.org\u002Fproject\u002Fcisco-ai-skill-scanner\u002F\">PyPI\u003C\u002Fa>\n\u003C\u002Fp>\n","Skill Scanner is a tool for checking the security of AI agent skills, focused on identifying prompt injection, data exfiltration, and malicious code patterns. The project combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis to maximize threat detection coverage while reducing false positives. It is suited to scenarios that require security scanning of AI skills in formats such as OpenAI Codex Skills and Cursor Agent Skills, and also supports non-standard formats such as Claude Code .md files. In addition, it provides CI\u002FCD integration, a pre-commit hook, and an extensible plugin architecture, making it easy for developers to integrate security checks seamlessly into their development workflow.",2,"2026-06-11 03:49:22","high_star"]