agent-skill-scan-mcp

> Last updated: 2026-03-31

Scan OpenClaw SKILL.md and Model Context Protocol (MCP) tool definition files for security vulnerabilities — directly from Claude Code.

22 detection rules across prompt injection, capability escalation, data exfiltration, encoded payloads, and composition risks. This is the only scanner targeting agent skill file formats specifically. Generic Static Application Security Testing (SAST) tools produce zero detections on these formats.

Requires Python 3.10+ and the scanner engine:

pip install agent-skill-scanner

Add to your Claude Code MCP settings:

{
  "mcpServers": {
    "agent-skill-scanner": {
      "command": "python3",
      "args": ["/path/to/agent-skill-scan-mcp/server.py"]
    }
  }
}

Replace /path/to/ with the actual path where you cloned this repo.

Scan a single skill file for security vulnerabilities.

scan_skill_file(file_path="/path/to/SKILL.md")

Returns findings with severity, rule ID, description, and evidence.

Recursively find and scan all agent skill files in a directory.

scan_directory(directory_path="/path/to/skills/")

Returns aggregated findings across all discovered skill files.

22 rules across 5 categories:

| Category | Examples | |----------|---------| | Prompt injection | System prompt override, role hijacking, instruction injection | | Capability escalation | Privilege escalation, shell spawning, persistence mechanisms | | Data exfiltration | Credential access, environment variable reads, outbound transfer | | Encoded payloads | Base64 commands, hex payloads, obfuscated strings | | Composition risks | Unrestricted tool chaining, cross-skill data flow, trust violations |

This scanner targets OpenClaw SKILL.md and MCP tool definition formats — markdown-embedded code and YAML