SkillGuard scans AI agent skills for prompt injection, data exfiltration, obfuscated secrets, and malicious code patterns — giving you an instant trust score.
Paste a SKILL.md or click a demo to see instant results.
Six detection categories, 50+ patterns — catching the attacks that matter.
Catches role-override phrases, jailbreak attempts, and instruction hijacking patterns before they compromise your agent.
Identifies suspicious external network calls, such as fetch/curl patterns targeting unknown endpoints, that could steal your data.
Scans for hardcoded API keys, tokens (sk-, ghp_, AKIA*), and credentials embedded in skill code.
Flags dangerous eval(), exec(), subprocess, and shell command patterns that could run arbitrary code on your system.
Detects attempts to read .env files, /etc/passwd, SSH keys, and other sensitive system files.
Uncovers base64-encoded payloads and other obfuscation techniques used to hide malicious intent.
Three steps to a safer agent ecosystem
Paste raw SKILL.md content or a skill URL into the scanner.
Our engine runs 50+ pattern checks across 6 threat categories in milliseconds.
Receive a 0–100 trust score with detailed findings for every detected issue.
Start free. Scale as you grow.
For individual developers getting started.
For power users and active skill builders.
For teams and platform integrations.
Every third-party skill is a potential attack vector. SkillGuard gives you the visibility to trust — or block — any skill before it runs.