Beta · 100% browser-side
Skill security scanner
Paste a SKILL.md and see what it can actually do — code execution, network calls, file writes, shell commands, prompt-injection signals, token cost and a trust score.
Paste a SKILL.md
Analysis runs entirely in your browser — nothing is uploaded.
Scan report
Paste a SKILL.md to scan it
Or try the / example.
Skill scanner — FAQ
What does the skill scanner check?
It parses a SKILL.md and flags whether the skill executes code, reaches the network, writes files, runs shell commands, or contains prompt-injection / exfiltration language. It also estimates token cost and gives a heuristic trust score.
Is my skill uploaded anywhere?
No. The analysis runs entirely in your browser — nothing is sent to a server.
Is a low score proof a skill is malicious?
No. This is a heuristic signal, not a security audit. Executing code or reaching the network is normal for many legitimate skills (the official pdf and webapp-testing skills do). Use the flags to decide what to read before installing.