Trust, but verify.

Scan AI agent skills for security risks, generate trust scores, and share certified capabilities with the community.

No account needed to scan

Trust Report

92 CERTIFIED

  • No injection vectors detected (info)
  • Permissions properly scoped (info)
  • External dependency: npm registry (low)

15% of AI agent skills contain malicious instructions

— Gen Digital, 2025

  • Prompt injection that hijacks agent behavior
  • Excessive permissions with no guardrails
  • Unvetted dependencies pulled at runtime
  • No safety boundaries between skill and host

How It Works

01. Submit: Paste a SKILL.md URL or upload content

02. Scan: Automated analysis across six risk categories

03. Certify: Earn a trust badge and cryptographic attestation

04. Show: Share your certified skill with the community

What We Detect

Permission Analysis

Maps every permission request and flags escalation patterns that exceed stated scope.

Injection Detection

Identifies prompt injection vectors, hidden instructions, and manipulation techniques.

Dependency Scanning

Traces external packages, runtime fetches, and unvetted third-party code.

Behavioral Risk

Detects data exfiltration patterns, persistence mechanisms, and evasion tactics.

Capability Contracts

Verifies that declared capabilities match actual behavior and resource usage.

Code Safety

Analyzes embedded code blocks for unsafe operations, eval patterns, and sandbox escapes.
