AI Native Agent Skill security auditing tool - an LLM-driven multi-stage code audit and vulnerability review pipeline
Project description
Skill-Scan
skill-scan is a subproject of Tencent AI-Infra-Guard, purpose-built for static security auditing of AI Agent Skill projects (OpenClaw Skills, etc.). It runs a three-stage pipeline powered by LLM-driven deep analysis:
- Info Collection — project structure, language, entry-point identification
- Code Audit — parallel multi-skill auditing (data leakage, tool abuse, indirect injection, authorization bypass, etc.)
- Vulnerability Review — deduplication, false-positive filtering, severity scoring, report generation
Vulnerability classification follows the SkillTrustBench T01–T09 taxonomy. Verdicts: malicious (clear attack intent) / suspicious (vulnerability present but no clear attack intent) / normal (benign).
Installation
# From PyPI
pip install aig-skill-scan
# Or from source (development)
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard/skill-scan
pip install -e .
Requires Python ≥ 3.9.
Quick Start
Command Line
# Scan a local Skill project directory
skill-scan --repo /path/to/your/skill \
-m deepseek/deepseek-v3.2-exp \
-k $OPENROUTER_API_KEY \
-u https://openrouter.ai/api/v1 \
--language en \
-o result.json
# Or invoke as a module
python -m skill_scan --repo /path/to/your/skill -k $OPENROUTER_API_KEY
Full options:
skill-scan --help
| Option | Description | Default |
|---|---|---|
| --repo | Path to the Skill project directory to scan (required) | — |
| -m, --model | LLM model name | deepseek/deepseek-v3.2-exp |
| -k, --api_key | API key (falls back to env vars if omitted) | — |
| -u, --base_url | API base URL | https://openrouter.ai/api/v1 |
| -p, --prompt | Custom scan prompt (optional) | — |
| --language | Output language: zh / en | zh |
| --debug | Enable debug mode | false |
| --aig-mode | Enable AIG integration mode (emit structured JSON to stdout for the Go backend; not needed for standalone use) | false |
| -o, --output | Save the scan result as a JSON file | — |
--aig-mode is intended for the AI-Infra-Guard platform backend. When enabled, it writes newPlanStep / statusUpdate / toolUsed structured JSON lines to stdout. Do not enable it when running a standalone pip install; it will flood your terminal with JSON.
Programmatic Usage
import asyncio
from skill_scan.agent.agent import Agent
from skill_scan.utils.llm import LLM
from skill_scan.utils.llm_manager import LLMManager
from skill_scan.utils.aig_logger import mcpLogger

async def run():
    # Main model that drives the Info -> Audit -> Review pipeline
    llm = LLM(model="deepseek/deepseek-v3.2-exp",
              api_key="sk-...",
              base_url="https://openrouter.ai/api/v1",
              context_window=128_000)
    # Role-specific models (see THINKING_MODEL / CODING_MODEL in Configuration)
    mgr = LLMManager(api_key="sk-...", base_url="https://openrouter.ai/api/v1")
    specialized = mgr.get_specialized_llms(["thinking", "coding"])
    agent = Agent(llm=llm, specialized_llms=specialized,
                  debug=False, language="en")
    # Uncomment the next line if you need structured JSON logs (e.g. integrating into another system)
    # mcpLogger.enable()
    result = await agent.scan("/path/to/your/skill", "", "en")
    print(result)

asyncio.run(run())
Configuration
All configuration is injected via environment variables or a .env file. skill-scan looks for .env in this order:
- Package root (site-packages/skill_scan/.env, rarely used post-install)
- Current working directory (./.env, recommended)
Note that the audit stage reads the scanned Skill's source and sends it to whatever endpoint -u / LLM_BASE_URL points at, so only configure an LLM provider you trust with that code. Prefer the environment variable or .env over -k so the API key does not land in your shell history.
Key environment variables:
| Variable | Description | Default |
|---|---|---|
| OPENROUTER_API_KEY / LLM_API_KEY / OPENAI_API_KEY | LLM API key | — |
| LLM_MODEL / OPENAI_MODEL | Default model | deepseek/deepseek-v3.2-exp |
| LLM_BASE_URL / OPENAI_BASE_URL | Default base URL | https://openrouter.ai/api/v1 |
| DEFAULT_MODEL_CONTEXT_WINDOW | Main model context window | 128000 |
| THINKING_MODEL / CODING_MODEL / FAST_MODEL | Specialized models | gemini-2.5-pro / claude-sonnet-4.5 / gemini-2.0-flash-exp |
| LOG_LEVEL | Log level | INFO |
Architecture
skill_scan/
├── agent/ # Three-stage ScanPipeline orchestration
│ ├── agent.py # Agent class, dispatches Info → Audit → Review
│ └── base_agent.py # LLM loop + tool-calling base class
├── tools/ # XML-schema tool registry
│ ├── registry.py # @register_tool decorator
│ ├── dispatcher.py # ToolDispatcher, routes tool calls
│ ├── file/ ls/ grep/ dir/ base64_decode/ thinking/ finish/
│ └── *_schema.xml # XML schemas consumed by the LLM
├── utils/
│ ├── llm.py # OpenAI-compatible client
│ ├── llm_manager.py # Multi-role LLM manager (thinking/coding/fast)
│ ├── prompt_manager.py # Prompt template loader (from skill_scan/prompt/)
│ ├── aig_logger.py # AIG integration logger (off by default, enabled via --aig-mode)
│ ├── extract_vuln.py # <vuln> XML extraction and parsing
│ ├── project_analyzer.py # Language detection + calc_skill_score
│ └── pre_scan.py # Pre-scan, generates project summary
├── prompt/ # Packaged prompt templates
│ ├── system_prompt.md
│ ├── compact.md next_prompt.md format_report.md
│ └── agents/ # Per-stage prompts
└── main.py # CLI entry point (cli / main / parse_args)
Scoring
calc_skill_score mirrors mcp-scan's calc_mcp_score:
| Severity | Deduction |
|---|---|
| Critical | -100 |
| High | -40 |
| Medium | -25 |
| Low / Info | -10 |
Final skill score = max(0, 100 - Σ deductions).
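As an added illustration of the scoring rule above (this is not the project's own calc_skill_score; the function names, the case-insensitive label handling, the "severity" dict key and the 60-point CI threshold are this example's assumptions), the deduction table carried through to a clamped score and a pass/fail gate:

```python
# Deductions per severity, taken from the Scoring table above.
DEDUCTIONS = {
    "critical": 100,
    "high": 40,
    "medium": 25,
    "low": 10,
    "info": 10,
}


def is_known_severity(label):
    """True if `label` (any case, surrounding whitespace ignored) is in the table."""
    return str(label).strip().lower() in DEDUCTIONS


def skill_score(severities):
    """max(0, 100 - sum of deductions) over an iterable of severity labels.

    Unknown labels raise instead of being skipped, so a malformed finding
    can never quietly improve the score.
    """
    total = 0
    for sev in severities:
        if not is_known_severity(sev):
            raise ValueError(f"unknown severity: {sev!r}")
        total += DEDUCTIONS[str(sev).strip().lower()]
    return max(0, 100 - total)


def score_findings(findings, key="severity"):
    """Score a list of finding dicts; assumes each carries its label under `key`."""
    return skill_score(f[key] for f in findings)


def passes_gate(findings, minimum=60):
    """CI-style gate: True if the skill scores at least `minimum` (assumed threshold)."""
    return score_findings(findings) >= minimum


if __name__ == "__main__":
    # Constructed sample findings, not real scan output.
    sample = [{"severity": "High"}, {"severity": "low"}]
    print(score_findings(sample), passes_gate(sample))
```

Because Critical alone deducts 100 and three High findings sum to 120, both cases clamp to 0; the gate therefore fails any skill with a single Critical finding regardless of the threshold chosen.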
Development
# Install dev dependencies
pip install -e ".[dev]"
# Lint / format
ruff check skill_scan
ruff format skill_scan
# Build locally
python -m build
# Install and test locally
pip install dist/aig_skill_scan-0.1.0-py3-none-any.whl
skill-scan --help
License
Apache License 2.0. Any redistribution or derivative work must clearly state "Based on Tencent Zhuque Lab AI-Infra-Guard" in its documentation or UI and link to the original repository at https://github.com/Tencent/AI-Infra-Guard. See NOTICE for details.
Download files
File details
Details for the file aig_skill_scan-0.1.4.tar.gz.
File metadata
- Download URL: aig_skill_scan-0.1.4.tar.gz
- Size: 66.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 940cdcf97c30c67110a8943797eba92a88a61e2660aa3f3429735db868fec087 |
| MD5 | e0c7e4dbeb2e30554dcacf8ba28875b2 |
| BLAKE2b-256 | 1188e4ac92090baa70f9f6ca147b1634bee47c4459825ab004533b34a61144e4 |
File details
Details for the file aig_skill_scan-0.1.4-py3-none-any.whl.
File metadata
- Download URL: aig_skill_scan-0.1.4-py3-none-any.whl
- Size: 84.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 70f66cd8c38932a01715ae9ef2c111bc8ea86b44242cab11791296ed44beded7 |
| MD5 | 56900134b57ba633ead6e88396757375 |
| BLAKE2b-256 | c8121e144eff96261e72793e74673a62dc89ce3fd5aa41b24406f7835198c0a1 |
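The release files above were not uploaded with Trusted Publishing, so the SHA256 digests listed on this page are the only thing tying an installed artifact to this listing. As an added example (not part of the project; the function names and the demo's constructed file are this example's own, and the digests are copied from the tables above), a local check of a downloaded file plus the pip --require-hashes line that makes the installer refuse anything else:

```python
import hashlib
import os
import tempfile

# SHA256 digests shown on this page for the 0.1.4 release files.
RELEASE_SHA256 = {
    "aig_skill_scan-0.1.4-py3-none-any.whl":
        "70f66cd8c38932a01715ae9ef2c111bc8ea86b44242cab11791296ed44beded7",
    "aig_skill_scan-0.1.4.tar.gz":
        "940cdcf97c30c67110a8943797eba92a88a61e2660aa3f3429735db868fec087",
}


def sha256_of_bytes(data):
    """Lowercase hex SHA256 of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Lowercase hex SHA256 of a file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_sha256(path, expected):
    """True if the file's digest equals `expected` (hex, any case)."""
    return sha256_of_file(path) == expected.strip().lower()


def verify_release_file(path):
    """Look the basename up in RELEASE_SHA256 and verify it; unknown names fail closed."""
    name = os.path.basename(path)
    if name not in RELEASE_SHA256:
        return False
    return verify_sha256(path, RELEASE_SHA256[name])


def pinned_requirement(name="aig-skill-scan", version="0.1.4", digests=RELEASE_SHA256):
    """One requirements.txt line usable with `pip install --require-hashes -r`.

    Listing both the wheel and the sdist digest lets pip accept either file
    and reject anything whose hash is not on this line.
    """
    hashes = " ".join(f"--hash=sha256:{d}" for d in digests.values())
    return f"{name}=={version} {hashes}"


def demo():
    """Constructed demo: an empty file as a stand-in for a downloaded artifact.

    Returns (digest, matches_known_digest, matches_wrong_digest, accepted_as_release).
    """
    tmpdir = tempfile.mkdtemp()
    # Named like the wheel so the lookup succeeds; the content is not the real wheel.
    path = os.path.join(tmpdir, "aig_skill_scan-0.1.4-py3-none-any.whl")
    with open(path, "wb"):
        pass
    digest = sha256_of_file(path)
    return (
        digest,
        verify_sha256(path, sha256_of_bytes(b"")),
        verify_sha256(path, "00" * 32),
        verify_release_file(path),
    )


if __name__ == "__main__":
    print(demo())
    print(pinned_requirement())
```

Write the output of pinned_requirement() to a requirements file and install with `pip install --require-hashes -r requirements.txt`; pip then also demands hashes for every transitive dependency, which is the point of the exercise.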