Highlight potential security risks in Claude Code skills and agent skills
before installation. Scans for environment variable exfiltration, credential
harvesting, hidden shell execution, data exfiltration, prompt injection,
supply-chain attacks, persistence mechanisms, and 35+ other patterns based
on real-world incidents.
Use when the user says "audit this skill", "is this skill safe", "scan this
skill", "check skill security", "review this SKILL.md", "should I install
this skill", "vet this skill", or anytime the user is evaluating a
third-party skill for safety.
Also activate when the user pastes or references a SKILL.md file and asks
about its safety, trustworthiness, or risks.
2026-04-13