AI Skill Scanner audits your ~/.claude/skills before they become a production risk.
Paste a skill repo URL or upload your local Claude skill folder. Get a risk-scored report for malicious hooks, data exfiltration patterns, hardcoded credentials, and suspicious subagent instructions.
Built for engineering teams (10-50 developers) shipping AI tooling fast.
Why Teams Pay For This
- Open-source CLIs flag obvious issues but cannot standardize due diligence across teams.
- Procurement and AppSec need reproducible reports before approving AI workflow integrations.
- One malicious hook in a shared skill repo can expose tokens, CI secrets, or private source code.
Threat-Focused Rules
Rules are tuned to AI skill abuse paths: shell hook injection, encoded payload execution, and credential handling mistakes.
Fast Due Diligence
Upload folders directly or scan Git repositories in minutes. Security reviews no longer block AI rollouts.
Actionable Reports
Every finding includes severity, evidence location, and concrete remediation guidance your team can act on.
Pricing
One plan, built for team-level trust and security due diligence.
Team Plan
$19/month
- Unlimited repository and folder scans
- Risk scoring across every skill in each bundle
- Remediation guidance for security and platform engineers
- Dashboard history of recent scan outcomes
FAQ
What exactly does AI Skill Scanner analyze?
Every file in your uploaded ~/.claude folder or repository is parsed for unsafe hook behavior, exfiltration paths, credential leakage, and policy-bypassing subagent prompts.
How is this different from generic SAST scanners?
Generic SAST tools miss prompt-layer behaviors and skill wiring semantics. AI Skill Scanner is tuned for Claude skill structures, hooks, and agent instruction flows.
Can my security team use this in due diligence reviews?
Yes. Reports include per-finding evidence, severity, and remediation guidance that can be shared with procurement and AppSec reviewers.
How does billing work?
The hosted scanner is $19/month per team workspace through Stripe Checkout. You can cancel anytime.