yaojingang / yao-doctor-skill

Public

Security-first audit skill for local skill libraries and AI workbench surfaces

100% credibility

Found Apr 20, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

Python

AI Summary

A security auditing tool that scans local AI skill packages and workbench configurations for capability risks and unsafe behaviors, producing bilingual HTML reports with evidence-based analysis.

How It Works

🔍 Discover Yao Doctor

You learn about Yao Doctor Skill, a friendly security checker for your AI helper collections.

📥 Bring it home

Download the tool to your computer so you can start protecting your AI skills.

🗂️ Point to your folders

Show the tool the folders where your AI skills and workbench setups live.

🚀 Launch the check

With one easy start, it scans everything for hidden risks and unsafe tricks.

📄 Open your report

A colorful webpage pops up with clear overviews, risk breakdowns, and advice cards.

⚠️ Spot the issues

See highlighted dangers like sneaky data grabs or risky behaviors with proof and fixes.

✅ Skills secured

You now know what's safe, quarantine the bad ones, and keep your AI world protected.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is yao-doctor-skill?

Yao-doctor-skill is a Python tool for security-first audits of local skill libraries and AI workbench surfaces like Codex or Claude configs. It scans packages for capability risks versus unsafe behaviors, outputting bilingual HTML reports with global overviews, type-based analysis, per-module opinions, and evidence trails tied to paths, lines, and confidence scores. Fire it up with a CLI command like `python3 run_yao_doctor_skill.py --full-scan` to audit your skills and get JSON, Markdown, or HTML results.

Why is it gaining traction?

It separates innocent permissions from exfiltration or exec risks, with pressure-tested detection for cross-file chains, remote pulls, and credential leaks—stuff traditional Python scanners overlook in AI agents. Users get stable report paths for CI, plus UI contracts that won't break silently. The hook: visual, actionable audits tailored for workbench environments, not generic code smells.

Who should use this?

AI workbench operators auditing local skill libraries before deployment, Python devs building agent surfaces who need quick security doctor checks, security teams handling first security audits on yao-style skills. Perfect for metro security first amendment audit-style reviews of agent behaviors in isolated labs.

Verdict

Early days with 10 stars and 1.0% credibility score, but strong docs, example reports, and built-in pressure evals signal real potential for local AI security. Try it if you're auditing workbench skills; pair with baselines for production use as it matures.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 10 stars

Penalty: Very new repo (1d): -70%

Bonus: AI verified quality (100%)

Account age: 44 days

Repo age: 1 days

Updated: Apr 20, 2026