Fangcun-AI

Security scanner for Agent Skills — uncover hidden threats before deployment.

100% credibility
Found Apr 11, 2026 at 43 stars.
AI Analysis
Python
AI Summary

SkillWard is an AI agent skill security scanner that performs static pattern checks, intelligent intent analysis, and isolated runtime testing to uncover hidden risks.

How It Works

1. 🔍 Discover a helpful AI skill

You find a new AI skill online that sounds perfect for your daily tasks, but you want to check if it's safe first.

2. 📁 Upload the skill folder

Drag the skill folder (with its description file inside) into SkillWard to start checking it out.

3. ⚙️ Choose your check level

Pick quick review for speed or deep test for full peace of mind – SkillWard adapts to you.

4. 🔄 Watch the safety checks run

SkillWard quietly reviews patterns, thinks deeply about intentions, and tests safely in isolation.

5. 📊 Review clear results

See exactly what's safe or risky, with highlighted spots and simple suggestions to fix issues.

Skills you can trust

Now you can confidently use safe skills or skip the bad ones, keeping your AI world secure.

AI-Generated Review

What is SkillWard?

SkillWard scans AI agent skills for hidden threats like credential theft and data exfiltration before deployment. It runs a three-stage pipeline (static pattern matching with YARA rules, LLM-based semantic review, and Docker sandbox execution) to deliver evidence-rich reports with remediation advice. Built in Python with a Next.js dashboard and a CLI for batch scanning directories, it is a free, open-source security scanner on GitHub tailored for agent skills.

Why is it gaining traction?

Unlike basic GitHub security scanning tools that miss runtime behaviors, SkillWard executes skills in isolated sandboxes, catching one-third of suspicious cases that static and LLM analysis overlook, such as persistence backdoors or supply-chain attacks. Benchmarks on 5,000 real skills flagged 25% as unsafe, with detailed UI reports showing logs, threat evidence, and three-mode scans (quick, sandbox, deep trace). Its GitHub Actions integration and policy tuning make it practical for pre-deploy checks.

Who should use this?

AI platform engineers vetting user-submitted agent skills from repositories like ClawHub. Security teams auditing GitHub security projects or Copilot-generated code for prompt injection and over-permissions. Developers building security scanner software for agent workflows, especially those needing free online security scanner options beyond GitHub security advisories.

Verdict

Promising early open-source security scanner project with solid docs, benchmarks, and a Docker-ready CLI/UI; try it for agent risk assessment. At 43 stars and 1.0% credibility score, it's immature with limited community testing; prototype for now, watch for production hardening.
