skillguard
NewStatic security scanner for AI agent skills and plugins — flags prompt injection, hidden Unicode, exfiltration, and dangerous commands in SKILL.md/CLAUDE.md and scripts.
Summary
SkillGuard is a static security scanner that analyzes AI agent skills and plugins for vulnerabilities like prompt injection, hidden Unicode characters, data exfiltration, and dangerous commands.
- md, and script files are safe to use before deployment.
Install & Usage
mkdir -p .claude/skillsmkdir -p .claude/skills && curl -o .claude/skills/skillguard.md https://raw.githubusercontent.com/praneel95/skillguard/main/SKILL.md/skillguardUse Cases
Usage Examples
/skillguard scan SKILL.md
/skillguard check CLAUDE.md --verbose
Scan all .md and .sh files in the current directory for security issues with /skillguard
Security Audits
Frequently Asked Questions
What is skillguard?
SkillGuard is a static security scanner that analyzes AI agent skills and plugins for vulnerabilities like prompt injection, hidden Unicode characters, data exfiltration, and dangerous commands. It helps developers ensure their SKILL.md, CLAUDE.md, and script files are safe to use before deployment.
How to install skillguard?
To install skillguard: create the skills directory (mkdir -p .claude/skills), then run: mkdir -p .claude/skills && curl -o .claude/skills/skillguard.md https://raw.githubusercontent.com/praneel95/skillguard/main/SKILL.md. Finally, /skillguard in Claude Code.
What is skillguard best for?
skillguard is a skill categorized under General. It is designed for: security, agent, plugin. Created by praneel95.
What can I use skillguard for?
skillguard is useful for: Scan a skill's SKILL.md file for potential prompt injection patterns before publishing.; Detect hidden Unicode characters or zero-width spaces in plugin configuration files.; Identify dangerous shell commands or data exfiltration attempts in agent scripts.; Audit a CLAUDE.md file for security issues before integrating it into an AI agent.; Check multiple skill files in a repository for common security vulnerabilities.; Validate that a plugin does not contain obfuscated malicious code before installation..