BeClaude

skill-scanner

7 · Community Registry · General · by Eran Cohen

Scan Claude Code plugins and skills for security vulnerabilities, prompt injection, and malicious instructions

First seen 5/22/2026

Summary

This skill scans Claude Code plugins and skills for security vulnerabilities, prompt injection attacks, and malicious instructions. It helps developers safely evaluate third-party extensions before integrating them into their workflows.

Install & Usage

1. Create the skills directory:
   mkdir -p .claude/skills
2. Download the skill file:
   mkdir -p .claude/skills && curl -o .claude/skills/skill-scanner.md https://raw.githubusercontent.com/redhat-community-ai-tools/claude-plugins/main/SKILL.md
3. Invoke in Claude Code:
   /skill-scanner

Use Cases

Scan a newly downloaded Claude Code plugin for hidden prompt injection payloads before using it.
Audit a custom skill for insecure code patterns that could leak sensitive data.
Check a skill's instructions for obfuscated commands or unauthorized system calls.
Verify that a plugin from an untrusted source does not contain backdoors or data exfiltration logic.
Review a skill's dependencies and API calls for potential security risks.
Ensure a skill complies with security best practices before sharing it with a team.

Usage Examples

1. /skill-scanner scan ./path/to/skill.yaml
2. /skill-scanner audit --url https://example.com/plugin.json
3. Check this skill for security issues: /skill-scanner analyze --file my-skill.claude

Tags: security, plugin

Security Audits

License: Unknown
Source: Warn
Repository: Pass

Frequently Asked Questions

What is skill-scanner?

This skill scans Claude Code plugins and skills for security vulnerabilities, prompt injection attacks, and malicious instructions. It helps developers safely evaluate third-party extensions before integrating them into their workflows.

How to install skill-scanner?

To install skill-scanner: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/skill-scanner.md https://raw.githubusercontent.com/redhat-community-ai-tools/claude-plugins/main/SKILL.md. Finally, invoke /skill-scanner in Claude Code.

What is skill-scanner best for?

skill-scanner is a skill categorized under General. It is designed for: security, plugin. Created by Eran Cohen.

What can I use skill-scanner for?

skill-scanner is useful for:

Scan a newly downloaded Claude Code plugin for hidden prompt injection payloads before using it.
Audit a custom skill for insecure code patterns that could leak sensitive data.
Check a skill's instructions for obfuscated commands or unauthorized system calls.
Verify that a plugin from an untrusted source does not contain backdoors or data exfiltration logic.
Review a skill's dependencies and API calls for potential security risks.
Ensure a skill complies with security best practices before sharing it with a team.