SkillRisk

SkillRisk provides comprehensive security analysis for agent skills, specifically targeting Claude Code and MCP definitions. It rapidly identifies potential vulnerabilities by parsing skill definitions (JSON/YAML) and checking for critical risks. Key features include detecting privilege escalation where unchecked sudo or root access is present, pinpointing injection risks in arguments susceptible to command injection, and uncovering malicious hooks, such as hidden execution scripts like PreToolUse hijacking. This tool operates on a 100% local-first and static basis, meaning it audits your code without ever executing it, ensuring full data privacy and security. This robust scanner is designed to secure agent workflows in mere seconds, preventing catastrophic issues like data exfiltration, accidental data deletion, or supply chain compromises. It pays close attention to the intricacies of the Claude Code skill specification, catching nuances that general static analysis tools frequently miss. By vetting external model parameters and tool permissions, SkillRisk helps maintain the integrity of MCP servers and other development environments. Ideal for developers, security professionals, and teams deploying agent skills, SkillRisk ensures that your tools are safe and compliant before they ever go live. Protect your projects from costly security breaches and maintain trust in your agent-driven operations.