Back to Projects
SkillGuard
CLI ToolsFeatured

SkillGuard

SkillGuard is a security scanner for AI agent "skills" defined in Markdown. It evaluates skill definitions for security risks, malicious intents, and supply chain vulnerabilities, providing transparency to developers and end-users.

Why SkillGuard?

AI Agents are only as safe as the skills they are given. As the ecosystem of AI agents grows, so does the risk of malicious skills, prompt injection, supply chain attacks, and excessive permissions. SkillGuard provides the first line of defense by analyzing skill definitions before they're loaded into an agent.

Features

  • **YAML frontmatter parsing** - Extracts skill metadata from Markdown files
  • **Multi-category security scoring** - Weighted scoring with exponential decay
  • **Risk detection** - Shell command execution, credential exposure, prompt injection, obfuscated code, HTTP/Git dependencies, hidden characters
  • **CI/CD integration** - Threshold-based exit codes for automated pipelines
  • **Multiple output formats** - Colored CLI output and JSON reports
  • **Configurable** - Custom thresholds, paths, and trusted domains

Security Scoring

SkillGuard uses a multi-category scoring system with weighted averages: - Security (3.0x weight) - Shell access, file access, credentials, obfuscated code - Supply Chain (2.0x weight) - External scripts, git/http dependencies - Transparency (1.5x weight) - Metadata completeness, prompt injection risks - Quality (1.5x weight) - Tool access patterns - Maintenance (1.0x weight) - Telemetry, protestware detection

Install

# Binary

brew install ossafrica/skillguard

# Docker

docker pull ghcr.io/ossafrica/skillguard:latest

# Build from source

go build -o skillguard .

Stack:GoCobra
Tags:#Security#AI Agents#Supply Chain#CLI
View on GitHub

Next

bVault.js