AI agents are getting powerful. They can browse the web, execute code, access your files. And we're all plugging in random "skills" and MCP servers without knowing what they actually do.
We scanned 33,530 AI agent skills from ClawHub, SkillsMP, and MCP Market.
The result: 12% contain critical security issues:
- 🔑 Credential stealers
- 🐚 Reverse shells
- 💉 Prompt injection attacks
- 📤 Data exfiltration
SkillShield is the first security-scored directory for AI agent skills. Every extension gets:
- 0-100 Trust Score — instantly see if a skill is safe
- Detailed Risk Breakdown — what vulnerabilities were found
- Category Browsing — 15 categories, from Development to Security
- Full-Text Search — find skills by name, author, or description
- Free CLI Scanner — audit skills locally before installing
Dashboard Overview
Hero Section
Browse Verified Skills
👉 skillshield.dev — Pre-scanned database of 33,530+ skills
# Coming soon: CLI scanner
npm install -g skillshield-cli
skillshield scan ./skill.md| Metric | Count |
|---|---|
| Skills Scanned | 33,530+ |
| Malicious Detected | 4,023 (12%) |
| Categories | 15 |
| Marketplaces Covered | 3 |
Every skill undergoes three-layer analysis:
- Static Code Inspection — Pattern matching for known attacks
- Prompt Injection Detection — Behavioral analysis of AI interactions
- Sandboxed Execution — Safe environment testing
- Development
- Security
- Business
- Data & Analytics
- Communication
- Productivity
- And 10 more...
- 🌐 Website: skillshield.dev
- 🐦 Twitter: @charlescsturt
- 📧 Contact: charles@skillshield.dev
MIT License — Open source and free to use.
Built because we got paranoid about AI security. 🔒