Security scanner for Agent Skills packages - Detects prompt injection, data exfiltration, and malicious code

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cisco-open from gravatar.com cisco-open

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Cisco
  • Tags ai-security , anthropic , claude , codex , llm-security , mcp , openai , prompt-injection , scanner , security , skills , static-analysis , threat-detection
  • Requires: Python >=3.10
  • Provides-Extra: all , azure , bedrock , vertex
Classifiers
Report project as malware

Project description

Skill Scanner

License Python 3.10+ PyPI version CI Discord Cisco AI Defense AI Security Framework

A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis for comprehensive threat detection.

Supports OpenAI Codex Skills and Cursor Agent Skills formats following the Agent Skills specification.

Highlights

  • Multi-Engine Detection - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
  • False Positive Filtering - Meta-analyzer significantly reduces noise while preserving detection capability
  • CI/CD Ready - SARIF output for GitHub Code Scanning, exit codes for build failures
  • Extensible - Plugin architecture for custom analyzers

Join the Cisco AI Discord to discuss, share feedback, or connect with the team.

Documentation

Guide Description
Quick Start Get started in 5 minutes
Architecture System design and components
Threat Taxonomy Complete AITech threat taxonomy with examples
LLM Analyzer LLM configuration and usage
Meta-Analyzer False positive filtering and prioritization
Behavioral Analyzer Dataflow analysis details
API Reference REST API documentation
Development Guide Contributing and development setup

Installation

Prerequisites: Python 3.10+ and uv (recommended) or pip

# Using uv (recommended)
uv pip install cisco-ai-skill-scanner

# Using pip
pip install cisco-ai-skill-scanner
Cloud Provider Extras 
# AWS Bedrock support
pip install cisco-ai-skill-scanner[bedrock]

# Google Vertex AI support
pip install cisco-ai-skill-scanner[vertex]

# Azure OpenAI support
pip install cisco-ai-skill-scanner[azure]

# All cloud providers
pip install cisco-ai-skill-scanner[all]

Quick Start

Environment Setup (Optional)

# For LLM analyzer and Meta-analyzer
export SKILL_SCANNER_LLM_API_KEY="your_api_key"
export SKILL_SCANNER_LLM_MODEL="claude-3-5-sonnet-20241022"

# For VirusTotal binary scanning
export VIRUSTOTAL_API_KEY="your_virustotal_api_key"

# For Cisco AI Defense
export AI_DEFENSE_API_KEY="your_aidefense_api_key"

CLI Usage

# Scan a single skill (static analyzer only)
skill-scanner scan /path/to/skill

# Scan with behavioral analyzer (dataflow analysis)
skill-scanner scan /path/to/skill --use-behavioral

# Scan with all engines
skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense

# Scan with meta-analyzer for false positive filtering
skill-scanner scan /path/to/skill --use-llm --enable-meta

# Scan multiple skills recursively
skill-scanner scan-all /path/to/skills --recursive --use-behavioral

# CI/CD: Fail build if threats found
skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif

Python SDK

from skill_scanner import SkillScanner
from skill_scanner.core.analyzers import StaticAnalyzer, BehavioralAnalyzer

# Create scanner with analyzers
scanner = SkillScanner(analyzers=[
    StaticAnalyzer(),
    BehavioralAnalyzer(use_static_analysis=True),
])

# Scan a skill
result = scanner.scan_skill("/path/to/skill")

print(f"Safe: {result.is_safe}")
print(f"Findings: {len(result.findings)}")

Security Analyzers

Analyzer Detection Method Scope Requirements
Static YAML + YARA patterns All files None
Behavioral AST dataflow analysis Python files None
LLM Semantic analysis SKILL.md + scripts API key
Meta False positive filtering All findings API key
VirusTotal Hash-based malware Binary files API key
AI Defense Cloud-based AI Text content API key

CLI Options

Option Description
--use-behavioral Enable behavioral analyzer (dataflow analysis)
--use-llm Enable LLM analyzer (requires API key)
--use-virustotal Enable VirusTotal binary scanner
--use-aidefense Enable Cisco AI Defense analyzer
--enable-meta Enable meta-analyzer for false positive filtering
--format Output: summary, json, markdown, table, sarif
--output PATH Save report to file
--fail-on-findings Exit with error if HIGH/CRITICAL found

Example Output

$ skill-scanner scan ./my-skill --use-behavioral

============================================================
Skill: my-skill
============================================================
Status: [OK] SAFE
Max Severity: SAFE
Total Findings: 0
Scan Duration: 0.15s

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

License

Apache 2.0 - See LICENSE for details.

Copyright 2026 Cisco Systems, Inc. and its affiliates

GitHubDiscordPyPI

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cisco-open from gravatar.com cisco-open

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Cisco
  • Tags ai-security , anthropic , claude , codex , llm-security , mcp , openai , prompt-injection , scanner , security , skills , static-analysis , threat-detection
  • Requires: Python >=3.10
  • Provides-Extra: all , azure , bedrock , vertex
Classifiers

Release history Release notifications | RSS feed

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.0.2

This version

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cisco_ai_skill_scanner-1.0.1.tar.gz (550.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cisco_ai_skill_scanner-1.0.1-py3-none-any.whl (241.7 kB view details)

Uploaded Python 3

File details

Details for the file cisco_ai_skill_scanner-1.0.1.tar.gz.

File metadata

  • Download URL: cisco_ai_skill_scanner-1.0.1.tar.gz
  • Upload date:
  • Size: 550.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for cisco_ai_skill_scanner-1.0.1.tar.gz
Algorithm Hash digest
SHA256 ec329cc9787d5244d81b57d9bff1cc1f507c61d58e4ae2d0539d47d68e2055b5
MD5 e354a2139c216152ad9f0489e29c0069
BLAKE2b-256 081c7b54a425b9e003dec9c3c9286c629686944ec7a3fd6bbd76054387de16b0

See more details on using hashes here.

Provenance

The following attestation bundles were made for cisco_ai_skill_scanner-1.0.1.tar.gz:

Publisher: release.yml on cisco-ai-defense/skill-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cisco_ai_skill_scanner-1.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for cisco_ai_skill_scanner-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d09a908be3556b6c0628bfb2890f0d6777c9367cdff107e5e32d1e2bfa6241e9
MD5 fe7b61a618e365a9a2a78c57a2a2aec6
BLAKE2b-256 af166de092adf26bf9e95f1ada7ac308e2f36b0e56518d16a07d623ebaaa8ec1

See more details on using hashes here.

Provenance

The following attestation bundles were made for cisco_ai_skill_scanner-1.0.1-py3-none-any.whl:

Publisher: release.yml on cisco-ai-defense/skill-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page