SkillHub

agentshield-scanner

v0.5.1

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for backdoors/data exfiltration/credential leaks, or evaluate trust of a third-party skill. Triggers: "is this skill safe", "scan for security iss...

Sourced from ClawHub, Authored by Elliot Liu

Installation

Please help me install the skill `agentshield-scanner` from SkillHub official store. npx skills add elliotllliu/agentshield-scanner

AgentShield — Security Scanner

Scan any directory for security issues in AI agent skills, MCP servers, and plugins.

Usage

# Basic scan
npx @elliotllliu/agent-shield scan ./path/to/skill/

# Pre-install check (GitHub URL, npm package, or local path)
npx @elliotllliu/agent-shield install-check https://github.com/user/repo

# JSON output for programmatic use
npx @elliotllliu/agent-shield scan ./path/to/skill/ --json

# Fail if score is below threshold
npx @elliotllliu/agent-shield scan ./path/to/skill/ --fail-under 70

# Scan .difypkg plugin archives
npx @elliotllliu/agent-shield scan ./plugin.difypkg

What It Detects (30 rules)

High Risk: - data-exfil — reads sensitive files + sends HTTP requests - backdoor — eval(), exec(), dynamic code execution - reverse-shell — outbound socket to shell - crypto-mining — mining pool connections - credential-hardcode — hardcoded API keys/tokens - obfuscation — base64+eval, hex strings - prompt-injection — 55+ patterns, 12 categories, 8 languages - tool-shadowing — tool name/description manipulation - attack-chain — multi-step kill chain (5 stages) - cross-file — cross-file data flow and code injection - ast-* — Python AST taint tracking (eval, pickle, SQL injection, SSTI) - multilang-injection — 8-language prompt injection - description-integrity — semantic mismatch between description and code - mcp-runtime — MCP server runtime security issues

Medium Risk: - env-leak — process.env exfiltration - network-ssrf — user-controlled URLs, SSRF - privilege — SKILL.md permission vs code mismatch - supply-chain — known CVEs in dependencies - sensitive-read — SSH keys, AWS creds access - phone-home — periodic beacon/heartbeat pattern - python-security — 35 Python-specific patterns

Low Risk: - excessive-perms — too many permissions declared - hidden-files — .env with secrets committed - typosquatting — suspicious npm package names

Interpreting Results

  • Score 90-100: Low risk ✅
  • Score 70-89: Moderate risk — review warnings
  • Score 40-69: High risk — investigate before using
  • Score 0-39: Critical risk — do not install

When to Use

  1. Before installing a third-party skill: npx @elliotllliu/agent-shield install-check <url>
  2. Auditing your own skills before publishing
  3. CI/CD pipeline gate: --fail-under 70
  4. Reviewing skills from untrusted sources