[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-80935":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":14,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":15,"rankGlobal":10,"rankLanguage":10,"license":16,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":19,"hasPages":17,"topics":20,"createdAt":10,"pushedAt":10,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":14,"starSnapshotCount":14,"syncStatus":34,"lastSyncTime":35,"discoverSource":36},80935,"skill-scanner-agent","HuTa0kj\u002Fskill-scanner-agent","HuTa0kj","Skill Scan Agent — Automated scanning, identification, and assessment of SKILL security risks.","",null,"Python",32,1,0,40.9,"MIT License",false,"main",true,[21,22,23,24,25,26,27,28,29,30],"agent","agent-skills","agents","claude-code","llm-agent","llm-security","llm-tools","skill","skill-security","skills","2026-06-11 04:07:22","# Skill Scanner Agent\n\nAn LLM Agent-based SKILL security scanning tool for automated identification and assessment of security risks in SKILL directories.\n\n[中文文档](.\u002FREADME_CN.md)\n\n![](.\u002Fimages\u002Fcover.png)\n\n## Features\n\n- Automatically parse SKILL directory structure and extract basic information\n- Generate SKILL overview reports via LLM\n- Detect script files and perform code security auditing\n- Support English and Chinese report output\n- LangSmith tracing integration\n- Terminal report display + persistent file output\n\n## Why Agent?\n\nTraditional rule-based scanners rely on predefined patterns and signatures, which limits their ability to catch novel or subtle threats. Skill Scanner Agent leverages LLM-powered agents to overcome these limitations:\n\n- **Beyond Rules** — Agents can understand code semantics and intent, detecting malicious behaviors that rule-based approaches miss (e.g., obfuscated code, multi-step attack chains, context-aware exploits).\n- **Adaptive Reasoning** — Unlike static rules, agents dynamically reason about unfamiliar code patterns and adapt their analysis strategy based on what they discover during scanning.\n- **Context-Aware Analysis** — Agents evaluate security risks in the broader context of the entire SKILL, recognizing subtle cross-file interactions and chained vulnerabilities that individual rules cannot capture.\n- **Natural Language Explanations** — Every finding comes with a clear, human-readable explanation of the risk, impact, and recommended remediation — not just a rule ID.\n\n## Workflow\n\n1. **gather_base_info** — Validate SKILL directory, extract name, detect script files\n2. **skill_summary** — Perform security overview analysis via LLM Agent\n3. **audit_scripts** — Perform code security auditing via LLM Agent\n\n## Quick Start\n\n### Prerequisites\n\n- Python >= 3.12\n- [uv](https:\u002F\u002Fdocs.astral.sh\u002Fuv\u002F) (recommended package manager)\n\n### Installation\n\n```bash\n# Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002FHuTa0kj\u002Fskill-scanner-agent.git\ncd skill-scanner-agent\n\n# Install dependencies\nuv sync\n```\n\n### Configuration\n\nCopy the example config and fill in the required fields:\n\n```bash\ncp config.yaml.example config.yaml\n```\n\nEdit `config.yaml` to configure model API settings:\n\n```yaml\nmodels:\n  - id: glm-5\n    name: GLM-5\n    api_key: \"\"\n    base_url: \"\"\n    temperature: 0.1\n\n  - id: deepseek-v4-flash\n    name: DeepSeek-V4-Flash\n    api_key: \"\"\n    base_url: \"\"\n    temperature: 0.1\n    extra_body: {\"thinking\": {\"type\": \"disabled\"}}\n\nroles:\n  skill_summary: deepseek-v4-flash\n  audit_scripts: glm-5\n\nlimit:\n  model_call: 80\n  tool_call: 80\n\n# langsmith config (Optional)\nlangsmith:\n  tracing: true\n  endpoint: \"https:\u002F\u002Fapi.smith.langchain.com\"\n  api_key: \"\"\n  project: \"\"\n\n# Script files to be detected\nscript_extensions: ['.py', '.sh', '.bash', '.js', '.ts', '.rb', '.pl', '.go', '.rs', '.ps1', '.cmd', '.bat']\ndebug: false\noutput_dir: \".\u002Foutput\"\nlanguage: \"en\"\n\n```\n\n**Configuration Reference:**\n\n| Field | Description |\n|-------|-------------|\n| `models` | Available LLM models, each requires `id`, `api_key`, `base_url` |\n| `roles` | Role-to-model mapping, supports assigning different models for different tasks |\n| `langsmith` | LangSmith tracing config (optional) |\n| `script_extensions` | Script file extensions to detect |\n| `output_dir` | Report output directory |\n| `language` | Report language, supports `en` (English) and `zh` (Chinese) |\n\n### Usage\n\n```bash\n# Scan a SKILL directory\nuv run skill-scanner scan --source ~\u002F.claude\u002Fskills\u002Fskill-directory\n\n# Or run directly\npython -m skill_scanner.cli scan -s ~\u002F.claude\u002Fskills\u002Fskill-directory\n```\n\nThe target directory must contain a `SKILL.md` file.\n\n![](.\u002Fimages\u002Faudit.png)\n\n### Output\n\nAfter scanning, reports are saved to `output\u002F\u003Ctask_id>\u002F`:\n\n```\noutput\u002F\n└── \u003Ctask_id>\u002F\n    ├── skill_summary.md    # SKILL overview report\n    └── code_audit.md       # Code security audit report (only when scripts are present)\n```\n\n## Report\n\n![](.\u002Fimages\u002Freport.png)\n\n## Agent Tracing\n\nAfter configuring your [LangSmith](https:\u002F\u002Fsmith.langchain.com\u002F) key in config.yaml, you can track agents. You can see all the tool calls and details.\n\n![](.\u002Fimages\u002Flangsmith.png)\n\n## Tech Stack\n\n- **LangGraph** — Workflow orchestration\n- **LangChain** — LLM invocation and message management\n- **DeepAgents** — Agent construction\n- **Typer** — CLI framework\n- **Rich** — Terminal formatted output\n\n## License\n\n[MIT](LICENSE)\n","Skill Scanner Agent 是一个基于LLM代理的SKILL安全扫描工具，用于自动识别和评估SKILL目录中的安全风险。其核心功能包括自动解析SKILL目录结构、生成概览报告、检测脚本文件并执行代码安全审计，并支持中英文报告输出及LangSmith跟踪集成。该工具利用大语言模型超越传统规则限制，能够理解代码语义与意图，动态适应未知模式，提供上下文感知分析以及自然语言的风险解释。适用于需要对SKILL项目进行全面安全审查的场景，尤其是当面对隐蔽或复杂的威胁时。",2,"2026-06-11 04:02:55","CREATED_QUERY"]