Sponsored by Deepsite.site

MCP.so

Agent Skill Scanner

Created By
rexcolemana month ago
Scan OpenClaw SKILL.md and MCP tool definition files for security vulnerabilities. 22 rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. The only scanner targeting agent skill file formats.
# security
# agent-security
OverviewContentToolsComments
Overview

agent-skill-scanner MCP Server

Last updated: 2026-03-31

Scan OpenClaw SKILL.md and Model Context Protocol (MCP) tool definition files for security vulnerabilities — directly from Claude Code.

22 detection rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. This is the only scanner targeting agent skill file formats specifically. Generic Static Application Security Testing (SAST) tools produce zero detections on these formats.

Install

Requires Python 3.10+ and the scanner engine:

pip install agent-skill-scanner

Configure in Claude Code

Add to your Claude Code MCP settings:

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": ["/path/to/agent-skill-scan-mcp/server.py"]
    }
  }
}

Replace /path/to/ with the actual path where you cloned this repo.

Tools

scan_skill_file

Scan a single skill file for security vulnerabilities.

scan_skill_file(file_path="/path/to/SKILL.md")

Returns findings with severity, rule ID, description, and evidence.

scan_directory

Recursively find and scan all agent skill files in a directory.

scan_directory(directory_path="/path/to/skills/")

Returns aggregated findings across all discovered skill files.

What it detects

22 rules across 5 categories:

CategoryExamples
Prompt injectionSystem prompt override, role hijacking, instruction injection
Capability escalationPrivilege escalation, shell spawning, persistence mechanisms
Data exfiltrationCredential access, environment variable reads, outbound transfer
Encoded payloadsBase64 commands, hex payloads, obfuscated strings
Composition risksUnrestricted tool chaining, cross-skill data flow, trust violations

Differentiator

This scanner targets OpenClaw SKILL.md and MCP tool definition formats — markdown-embedded code and YAML skill configurations that generic SAST tools (semgrep, CodeQL) miss entirely. If you're scanning general Python/JavaScript code, use Snyk or semgrep. If you're scanning agent skill files, this is the only tool that covers the format.

Trust & Security

This server runs locally via stdio. No network calls beyond the initial pip install. No data collection. No telemetry.

Source is fully auditable in this repo. The scanner engine source is at github.com/rexcoleman/agent-skill-scanner.

Limitations

  • Pattern-based detection only — no semantic analysis
  • Designed for OpenClaw SKILL.md and MCP tool definitions
  • Rules cover known attack patterns from published research, not zero-days

License

MIT

Server Config

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": [
        "/path/to/agent-skill-scan-mcp/server.py"
      ],
      "env": {}
    }
  }
}
Recommend Servers
TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.
Baidu Map百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.
DeepChatYour AI Partner on Desktop
MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs
BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.
MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.
Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code
Serper MCP ServerA Serper MCP Server
WindsurfThe new purpose-built IDE to harness magic
Y GuiA web-based graphical interface for AI chat interactions with support for multiple AI models and MCP (Model Context Protocol) servers.
Tavily Mcp
AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.
CursorThe AI Code Editor
RedisA Model Context Protocol server that provides access to Redis databases. This server enables LLMs to interact with Redis key-value stores through a set of standardized tools.
Amap Maps高德地图官方 MCP Server
Howtocook Mcp基于Anduin2017 / HowToCook (程序员在家做饭指南)的mcp server,帮你推荐菜谱、规划膳食,解决“今天吃什么“的世纪难题; Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"
ChatWiseThe second fastest AI chatbot™
Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.
EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.
Playwright McpPlaywright MCP server