Summary
Before you install a third-party agent skill from OpenClaw, an MCP bundle, or a GitHub SKILL.md, run this static analyzer to catch red flags. It scans the description text for risky patterns like shell execution, credential access, remote webhooks, and prompt injection signals, then lists missing provenance details like license or uninstall steps. The marketplace-safe stdin runner needs zero filesystem or network permissions, so it can run in sandboxed environments. It won't execute anything or guarantee runtime safety, but it gives you a structured pre-install checklist before you hand filesystem or API access to an untrusted package.
Install to Claude Code
npx -y skills add aiskillstore/marketplace --skill agent-skill-trust-check --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
