MCP.so
登录
A

Agent Skill Scanner

@rexcoleman

关于 Agent Skill Scanner

Scan OpenClaw SKILL.md and MCP tool definition files for security vulnerabilities. 22 rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. The only scanner targeting agent skill file formats.

基本信息

分类

AI 与智能体

传输方式

stdio

发布者

rexcoleman

提交者

Rex Coleman

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": [
        "/path/to/agent-skill-scan-mcp/server.py"
      ],
      "env": {}
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Agent Skill Scanner?

Agent Skill Scanner scans OpenClaw SKILL.md and Model Context Protocol (MCP) tool definition files for security vulnerabilities directly from Claude Code. It is for developers building agent skill files who need targeted security analysis beyond generic SAST tools.

How to use Agent Skill Scanner?

Install with pip install agent-skill-scanner, then configure in Claude Code's MCP settings by adding the agent-skill-scanner server pointing to the server.py script. Use the tools scan_skill_file (to scan a single file) or scan_directory (to recursively scan a directory) from within Claude.

Key features of Agent Skill Scanner

  • 22 detection rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks.
  • Targets OpenClaw SKILL.md and MCP tool definition formats (missed by generic SAST tools).
  • Returns findings with severity, rule ID, description, and evidence.
  • Recursively scans directories for agent skill files.
  • Runs fully locally via stdio; no network calls after install.
  • Source is open and auditable on GitHub.

Use cases of Agent Skill Scanner

  • Scan a single agent skill file for vulnerabilities before deployment.
  • Recursively scan a directory of skill files to get aggregated findings.
  • Integrate into a CI pipeline using the companion GitHub Action.
  • Identify hidden attacks like system prompt override or shell spawning in skill files.

FAQ from Agent Skill Scanner

What does Agent Skill Scanner detect that other scanners miss?

It detects vulnerabilities in OpenClaw SKILL.md and MCP tool definitions – markdown-embedded code and YAML skill configurations that generic SAST tools (semgrep, CodeQL) completely miss.

What are the runtime requirements for Agent Skill Scanner?

Python 3.10 or newer and the scanner engine installed via pip. No external services or network connections are required after the initial installation.

Where does Agent Skill Scanner store or send data?

All scanning is done locally via stdio. There is no data collection, telemetry, or outbound network calls beyond the initial pip install.

What are the limitations of Agent Skill Scanner?

It uses pattern-based detection only (no semantic analysis). It is designed specifically for OpenClaw SKILL.md and MCP tool definitions, and its rules cover known attack patterns from published research, not zero-days.

What transport does Agent Skill Scanner use for MCP?

It uses stdio transport to communicate with Claude Code. No HTTP or network transport is involved.

评论

AI 与智能体 分类下的更多 MCP 服务器