Read every line of a skill before it reads your machine.
SkillTrust runs the open-source skill-detector engine over any Claude Skill, Codex skill, or third-party AI prompt pack — flagging prompt injection, credential exfiltration, supply-chain risk, and over-broad permissions.
Three steps from "looks interesting" to "safe to install."
Point us at a skill
Paste a GitHub URL or upload a zip. We work with Claude Skills, Codex skills, and any file-based AI skill format.
Engine sweeps the bundle
Six rule families fire in parallel: injection, supply chain, exfiltration, misconfiguration, integrity, access control.
Get a focused report
Severity-ranked findings with file paths, evidence, and a shareable link you can paste into Slack or a PR.
Built for the exact shape of an AI-skill attack.
Generic SAST and secret scanners don't understand skill manifests, system prompts, or permission declarations. SkillTrust does — six rule families, purpose-built for this format.
Prompt injection detection
Catches "ignore previous instructions," hidden role markers, system-override phrases, and obfuscated payloads embedded in SKILL.md or system prompts.
Exfiltration scanning
Flags reads of .env, .ssh, AWS creds, and outbound HTTP to unknown hosts or paste services.
Permission auditing
Surfaces declared vs. actual capability gaps: shell access, wildcard egress, destructive commands.
Supply-chain checks
Unpinned installs, typosquats, curl | sh pipelines, dependency provenance.
Integrity verification
Ruleset checksum compared at every scan — engine tampering is loud, not silent.
Vet your next skill in under a minute.
No account required. Sign up if you want history, shareable links, and a higher rate limit.