Security scanner for Claude Skills and Codex Skills packages - Detects prompt injection, data exfiltration, and malicious code

Project description

Skill Scanner

A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis for comprehensive threat detection.

Supports Anthropic Claude Skills, OpenAI Codex Skills, and Cursor Agent Skills formats following the Agent Skills specification.


Highlights

  • Multi-Engine Detection - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
  • False Positive Filtering - Meta-analyzer achieves ~65% noise reduction while maintaining 100% threat detection
  • CI/CD Ready - SARIF output for GitHub Code Scanning, exit codes for build failures
  • Extensible - Plugin architecture for custom analyzers

Join the Cisco AI Discord to discuss, share feedback, or connect with the team.


Documentation

Guide | Description
Quick Start | Get started in 5 minutes
Architecture | System design and components
Threat Taxonomy | Complete AITech threat taxonomy with examples
LLM Analyzer | LLM configuration and usage
Meta-Analyzer | False positive filtering and prioritization
Behavioral Analyzer | Dataflow analysis details
API Reference | REST API documentation
Development Guide | Contributing and development setup

Installation

Prerequisites: Python 3.10+ and uv (recommended) or pip

# Using uv (recommended)
uv pip install cisco-ai-skill-scanner

# Using pip
pip install cisco-ai-skill-scanner

Cloud Provider Extras

# Extras are quoted so that shells such as zsh do not treat [] as a glob pattern

# AWS Bedrock support
pip install "cisco-ai-skill-scanner[bedrock]"

# Google Vertex AI support
pip install "cisco-ai-skill-scanner[vertex]"

# Azure OpenAI support
pip install "cisco-ai-skill-scanner[azure]"

# All cloud providers
pip install "cisco-ai-skill-scanner[all]"

Quick Start

Environment Setup (Optional)

# For LLM analyzer and Meta-analyzer
export SKILL_SCANNER_LLM_API_KEY="your_api_key"
export SKILL_SCANNER_LLM_MODEL="claude-3-5-sonnet-20241022"

# For VirusTotal binary scanning
export VIRUSTOTAL_API_KEY="your_virustotal_api_key"

# For Cisco AI Defense
export AI_DEFENSE_API_KEY="your_aidefense_api_key"

CLI Usage

# Scan a single skill (static analyzer only)
skill-analyzer scan /path/to/skill

# Scan with behavioral analyzer (dataflow analysis)
skill-analyzer scan /path/to/skill --use-behavioral

# Scan with all engines
skill-analyzer scan /path/to/skill --use-behavioral --use-llm --use-aidefense

# Scan with meta-analyzer for false positive filtering
skill-analyzer scan /path/to/skill --use-llm --enable-meta

# Scan multiple skills recursively
skill-analyzer scan-all /path/to/skills --recursive --use-behavioral

# CI/CD: Fail build if threats found
skill-analyzer scan-all ./skills --fail-on-findings --format sarif --output results.sarif

Python SDK

from skillanalyzer import SkillScanner
from skillanalyzer.core.analyzers import StaticAnalyzer, BehavioralAnalyzer

# Create scanner with analyzers
scanner = SkillScanner(analyzers=[
    StaticAnalyzer(),
    BehavioralAnalyzer(use_static_analysis=True),
])

# Scan a skill
result = scanner.scan_skill("/path/to/skill")

print(f"Safe: {result.is_safe}")
print(f"Findings: {len(result.findings)}")

Security Analyzers

Analyzer | Detection Method | Scope | Requirements
Static | YAML + YARA patterns | All files | None
Behavioral | AST dataflow analysis | Python files | None
LLM | Semantic analysis | SKILL.md + scripts | API key
Meta | False positive filtering | All findings | API key
VirusTotal | Hash-based malware | Binary files | API key
AI Defense | Cloud-based AI | Text content | API key

CLI Options

Option | Description
--use-behavioral | Enable behavioral analyzer (dataflow analysis)
--use-llm | Enable LLM analyzer (requires API key)
--use-virustotal | Enable VirusTotal binary scanner
--use-aidefense | Enable Cisco AI Defense analyzer
--enable-meta | Enable meta-analyzer for false positive filtering
--format | Output: summary, json, markdown, table, sarif
--output PATH | Save report to file
--fail-on-findings | Exit with error if HIGH/CRITICAL found

Example Output

$ skill-analyzer scan ./my-skill --use-behavioral

============================================================
Skill: my-skill
============================================================
Status: [OK] SAFE
Max Severity: SAFE
Total Findings: 0
Scan Duration: 0.15s

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

License

Apache 2.0 - See LICENSE for details.

Copyright 2026 Cisco Systems, Inc. and its affiliates


Download files

Source Distribution

cisco_ai_skill_scanner-1.0.0.tar.gz (548.4 kB view details)

Uploaded Source

Built Distribution

cisco_ai_skill_scanner-1.0.0-py3-none-any.whl (241.9 kB view details)

Uploaded Python 3

File details

Details for the file cisco_ai_skill_scanner-1.0.0.tar.gz.

File metadata

  • Download URL: cisco_ai_skill_scanner-1.0.0.tar.gz
  • Size: 548.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cisco_ai_skill_scanner-1.0.0.tar.gz
Algorithm Hash digest
SHA256 c4a8005d36fd95a3c674046765e38c90de439628a3c21bbf6adeba546ed1fcf8
MD5 9d5f5598483e5e61e5871e46faa18c63
BLAKE2b-256 16b462b70c4e64c29c7d4baaa8ca4bddfa2c627681bb0c2de4cb43db1e46b0e8

Provenance

The following attestation bundles were made for cisco_ai_skill_scanner-1.0.0.tar.gz:

Publisher: release.yml on cisco-ai-defense/skill-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cisco_ai_skill_scanner-1.0.0-py3-none-any.whl.

File hashes

Hashes for cisco_ai_skill_scanner-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 00992c458fb795f41e759447ba75ee013301aa409f2def400e7719b997e6d015
MD5 d8ed6270f405ffc82d3b4b9be1bbc793
BLAKE2b-256 7a9006c85356910b90c9487bf5aacff45ae434de5d3723268209b49eb0d526bb

Provenance

The following attestation bundles were made for cisco_ai_skill_scanner-1.0.0-py3-none-any.whl:

Publisher: release.yml on cisco-ai-defense/skill-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
