This is a security scanner you run before installing AI agent skills or MCP servers. It exposes three MCP tools: scan_url, scan_content, and get_report. Point it at a SKILL.md file or system prompt and it flags credential theft attempts, prompt injection, shell commands, zero-width Unicode tricks, and data exfiltration patterns, then returns a risk score and severity rating. It is also available as a REST API at skillssafe.com if you want to hook it into CI or call it from scripts. No signup or API key is needed for basic use. It is useful when you're pulling skills from public repositories or untrusted sources and want a second opinion before giving them access to your agent's context.
claude mcp add --transport stdio com.skillssafe-scanner uvx scanner