This is a three-step security scanner for Claude skills that combines static analysis with AI judgment. It flags potential risks using regex patterns, then generates audit prompts that you (the AI agent) are supposed to analyze to filter false positives and assess real threats. You run the scanner twice: once to collect data, then again after writing audit.json files to bake your analysis into the final HTML dashboard. The workflow is explicit about the AI doing actual security analysis, not just running commands. It's overkill for casual use but makes sense if you're managing a bunch of third-party skills and need a systematic audit trail. The scanner itself doesn't execute code or expose secrets.
npx skills add https://github.com/toolsai/skills-security-check --skill skills-security-check
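As an added illustration of the two-run workflow described above (this is not the project's own code; the regex rule set, the audit.json field names and the sample skill files are assumptions constructed for the example), a minimal Python model of it: the first pass scans skill files with patterns and emits the audit prompt, the second pass merges the agent's audit.json verdicts into the HTML report so unaudited findings stay visible rather than silently dropped.

```python
import json
import re

# Constructed first-pass rules (assumption: the real scanner's rule set is not on the page).
PATTERNS = {
    "shell-exec": re.compile(r"\b(subprocess|os\.system|child_process)\b"),
    "network": re.compile(r"\bhttps?://\S+"),
    "env-read": re.compile(r"\b(os\.environ|process\.env)\b"),
}

def scan_skill(files):
    """Pass 1: regex match per line, nothing is executed. files = {path: text}."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append({"id": f"{path}:{lineno}:{rule}", "rule": rule,
                                     "path": path, "line": lineno, "snippet": line.strip()})
    return findings

def audit_prompt(findings):
    """The question handed to the reviewing agent between the two runs."""
    head = "For each finding answer true_positive or false_positive and give a reason:"
    return "\n".join([head] + [f"- {f['id']} [{f['rule']}] {f['snippet']}" for f in findings])

def merge_audit(findings, audit):
    """Pass 2: join findings with audit.json verdicts; anything unaudited is marked, not hidden."""
    verdicts = {a["id"]: a for a in audit}
    return [{**f, **verdicts.get(f["id"], {"verdict": "unreviewed", "reason": ""})} for f in findings]

def verdict_counts(merged):
    counts = {}
    for m in merged:
        counts[m["verdict"]] = counts.get(m["verdict"], 0) + 1
    return counts

def render_html(merged):
    """Minimal dashboard: one row per finding with the verdict baked in from the audit."""
    rows = "".join(f"<tr><td>{m['id']}</td><td>{m['verdict']}</td><td>{m['reason']}</td></tr>" for m in merged)
    return f"<table><tr><th>finding</th><th>verdict</th><th>reason</th></tr>{rows}</table>"

# Constructed sample skill and a constructed audit.json body (what the agent would write after reading the prompt).
SKILL_FILES = {
    "SKILL.md": "# Helper\nFetch docs from https://example.invalid/docs\n",
    "run.py": "import os, subprocess\ntoken = os.environ.get('API_KEY')\nsubprocess.run(['curl', token])\n",
}
AUDIT_JSON = json.loads('[{"id": "SKILL.md:2:network", "verdict": "false_positive", "reason": "documentation link"},'
                        ' {"id": "run.py:3:shell-exec", "verdict": "true_positive", "reason": "secret handed to a subprocess"}]')

if __name__ == "__main__":
    found = scan_skill(SKILL_FILES)
    print(audit_prompt(found))
    print(render_html(merge_audit(found, AUDIT_JSON)))
```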