Agent Skill Scanner

Created By

rexcoleman2 months ago

Scan OpenClaw SKILL.md and MCP tool definition files for security vulnerabilities. 22 rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. The only scanner targeting agent skill file formats.

# security

# agent-security

Overview Content Tools Comments

Overview

agent-skill-scanner MCP Server

Last updated: 2026-03-31

Scan OpenClaw SKILL.md and Model Context Protocol (MCP) tool definition files for security vulnerabilities — directly from Claude Code.

22 detection rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. This is the only scanner targeting agent skill file formats specifically. Generic Static Application Security Testing (SAST) tools produce zero detections on these formats.

Install

Requires Python 3.10+ and the scanner engine:

pip install agent-skill-scanner

Configure in Claude Code

Add to your Claude Code MCP settings:

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": ["/path/to/agent-skill-scan-mcp/server.py"]
    }
  }
}

Replace /path/to/ with the actual path where you cloned this repo.

Tools

`scan_skill_file`

Scan a single skill file for security vulnerabilities.

scan_skill_file(file_path="/path/to/SKILL.md")

Returns findings with severity, rule ID, description, and evidence.

`scan_directory`

Recursively find and scan all agent skill files in a directory.

scan_directory(directory_path="/path/to/skills/")

Returns aggregated findings across all discovered skill files.

What it detects

22 rules across 5 categories:

Category	Examples
Prompt injection	System prompt override, role hijacking, instruction injection
Capability escalation	Privilege escalation, shell spawning, persistence mechanisms
Data exfiltration	Credential access, environment variable reads, outbound transfer
Encoded payloads	Base64 commands, hex payloads, obfuscated strings
Composition risks	Unrestricted tool chaining, cross-skill data flow, trust violations

Differentiator

This scanner targets OpenClaw SKILL.md and MCP tool definition formats — markdown-embedded code and YAML skill configurations that generic SAST tools (semgrep, CodeQL) miss entirely. If you're scanning general Python/JavaScript code, use Snyk or semgrep. If you're scanning agent skill files, this is the only tool that covers the format.

Trust & Security

This server runs locally via stdio. No network calls beyond the initial pip install. No data collection. No telemetry.

Source is fully auditable in this repo. The scanner engine source is at github.com/rexcoleman/agent-skill-scanner.

Limitations

Pattern-based detection only — no semantic analysis
Designed for OpenClaw SKILL.md and MCP tool definitions
Rules cover known attack patterns from published research, not zero-days

License

MIT

Try in Playground

Server Config

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": [
        "/path/to/agent-skill-scan-mcp/server.py"
      ],
      "env": {}
    }
  }
}

Project Info

Created At

2 months ago

Updated At

2 months ago

Author Name

rexcoleman

Star

Language

License

Recommend Servers

View All

Existence Synchronization System Entity

@VeniceEsse

MCP server that fuses 2–5 AI agents into one unified mind. Features 7 tools: esse_quick, esse_fuse, esse_execute, esse_list_agents, esse_list_sessions, esse_memory, esse_defuse. Supports Venice AI, OpenAI, and Anthropic. One AI. Many agents. Fused.

40 minutes ago

Memory

@modelcontextprotocol

a year ago

Pet And Veterinary Products Recall

@agentprolabs

An open-source MCP server that makes government pet-food and veterinary-drug recall data queryable by AI assistants. Search and filter active recalls, fuzzy-match a specific product, and subscribe to email alerts — sourced daily from the Government of Canada (CFIA) and the US FDA (OpenFDA). Zero config: just npx.

an hour ago

Fetch

@test

Web content fetching and conversion for efficient LLM usage

8 months ago

Playwright Mcp

@microsoft

Playwright MCP server

TypeScript

10 months ago

Qiniu MCP Server

@Qiniu

基于七牛云产品构建的 Model Context Protocol (MCP) Server，支持用户在 AI 大模型客户端的上下文中通过该 MCP Server 来访问七牛云存储资源、利用 Dora 服务进行图片操作等。如果有什么需求欢迎在下方评论，您也可以在 github 仓库中提 issue。

Python

a year ago

Aws Kb Retrieval Server

@modelcontextprotocol

An MCP server implementation for retrieving information from the AWS Knowledge Base using the Bedrock Agent Runtime.

a year ago

Google Maps

@modelcontextprotocol

Location services, directions, and place details

a year ago

Sequential Thinking

@modelcontextprotocol

An MCP server implementation that provides a tool for dynamic and reflective problem-solving through a structured thinking process.

a year ago

MCP Server for Milvus

@zilliztech

The Milvus MCP server enables AI applications to interact with Milvus vector databases using natural language commands. It allows AI models to perform vector searches, manage collections, and retrieve data without writing custom database queries. This integration facilitates seamless access to vector data, enhancing the capabilities of AI tools like Claude Desktop and Cursor.

a year ago

Bucket Feature Flags MCP Server

@bucketco

Flag features directly from chat in your code editor, including VS Code, Cursor, Windsurf, Claude Code—any IDE with MCP support.

a year ago

Filesystem

@modelcontextprotocol

2 months ago

Payperbyte

@0rkz

Verified, provenance-first per-byte USDC data feeds for AI agents on Arbitrum. Discover first-party publishers, subscribe to live feeds or pay-per-call via x402, and verify-before-act (recompute keccak256 vs the publisher's on-chain EIP-712 attestation). 15 MCP tools; read-only needs no wallet. Testnet; no token.

an hour ago

302_sandbox_mcp

@302ai

Create a remote sandbox that can execute code/run commands/upload and download files. 创建远程沙盒，可以执行代码/运行命令/上传下载文件

a year ago

Ux Skill

@Laith0003

A deterministic, offline design-intelligence engine for AI coding tools. Replaces improvised UI generation with structured constraints plus a rule-based anti-AI-slop linter. Ships as a Claude Code plugin, a Python package, an MCP server (18 tools), and a 17-IDE installer.

40 minutes ago

Perplexity Ask MCP Server

@ppl-ai

A Model Context Protocol Server connector for Perplexity API, to enable web search without leaving the MCP ecosystem.

JavaScript

a year ago

EverArt

@modelcontextprotocol

AI image generation using various models

a year ago

Time

@modelcontextprotocol

A Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.

4 months ago

Ssumcp

@hoeongj

숭실대학교의 모든 공개/개인 정보 제공과 자동화 에이전트 기능을 MCP 표준 도구로 제공하여 공개 서버 지속적으로 업데이트 및 기능 추가 중입니다 공개 도구 •학식 - 학생식당·도담식당·기숙사(레지던스홀)등 모든 식당 메뉴 및 식당정보 •시설 - 캠퍼스 내 카페·편의점·복사 등 검색 •도서관 - 좌석 실시간 조회 / 도서 검색 •공지사항 - 최신 공지 목록·키워드검색·학과별공지 등 개인 도구 요청시 로그인 URL을 받아 한 번 로그인하면 이후 모든 개인 도구를 사용 가능 •u-SAINT - 시간표, 성적, 채플 정보, 졸업요건, 장학금 내역 등 •LMS - 현재 학기 미제출 과제·퀴즈목록 등 •도서관 - 대출 현황 및 반납 기한(예약 현황 및 예약 자동화 에이전트 도입 예정) 대화 예시 나 졸업하려면 어떤 조건들이 남았어? 도서관 6층 창가쪽 빈자리 있으면 예약해줘 장학금 관련 공지사항 찾아줘

40 minutes ago

Slack

@modelcontextprotocol

Channel management and messaging capabilities

a year ago

302_browser_use_mcp

@302ai

Automatically create a remote browser to complete your specified tasks, developed based on Browser Use + Sandbox. 自动创建一个远程浏览器，完成你指定的任务，基于Browser Use + Sandbox开发。

a year ago

Zhipu Web Search

@BigModel

Zhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.

a year ago

PostgreSQL

@modelcontextprotocol

Read-only database access with schema inspection

a year ago

Aiimagemultistyle

@codecraftm

A Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.

a year ago

MiniMax MCP

@MiniMax-AI

Official MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.

Python

a year ago

Howtocook Mcp

@worryzyy

基于Anduin2017 / HowToCook （程序员在家做饭指南）的mcp server，帮你推荐菜谱、规划膳食，解决“今天吃什么“的世纪难题； Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"

a year ago

Firecrawl Mcp Server

@mendableai

Official Firecrawl MCP Server - Adds powerful web scraping to Cursor, Claude and any other LLM clients.

JavaScript

a year ago

Tavily Mcp

@tavily-ai

JavaScript

a year ago

Filesystem

Secure file operations with configurable access controls