explaingit

fangcun-ai/skillward

Analysis updated 2026-05-18

123PythonAudience · ops devopsComplexity · 4/5LicenseSetup · moderate

TLDR

A three stage security scanner that checks AI agent skills for malicious behavior before they are published.

Mindmap

mindmap
  root((repo))
    What it does
      Scans AI agent skills
      Static and LLM checks
      Sandbox verification
    Tech stack
      Python
      Docker
      YARA rules
    Use cases
      Pre publish scanning
      Batch review
      Runtime threat detection
    Audience
      Security teams
      Agent developers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan a new AI agent skill for hidden malicious behavior before publishing it.

USE CASE 2

Run a batch scan across many skills to flag which ones need closer review.

USE CASE 3

Catch runtime only threats like data exfiltration that static code review would miss.

What is it built with?

PythonDockerYARA

How does it compare?

fangcun-ai/skillwardnolanx-ai/nolanx.aivibeforge1111/vibeship-scanner
Stars123123123
LanguagePythonPythonPython
Last pushed2026-03-04
MaintenanceMaintained
Setup difficultymoderatehardeasy
Complexity4/54/52/5
Audienceops devopsgeneralvibe coder

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Sandbox stage needs Docker installed and configured LLM provider keys.

Free to use, modify, and distribute, including commercially, as long as you keep the copyright notice.

In plain English

SkillWard is a security scanner built to check AI agent skills, the plugins or add on tools that AI agents can install and run, for malicious behavior before they get published or deployed. The project points to research showing that running several existing scanners on the same set of skills produced wildly inconsistent results, with agreement across all of them in only a tiny fraction of cases, which suggests current tools alone are not reliable enough. To address this, SkillWard uses three stages. The first stage runs static analysis, scanning a skill's code and configuration files with pattern matching rules that catch known attack signatures such as credential theft attempts, code injection, hidden files, and obfuscated payloads. The second stage uses an AI language model to reason about what a skill is actually trying to do, and assigns it a safety confidence score. Skills that remain uncertain after these first two stages move to a third stage, where SkillWard actually runs the skill inside an isolated Docker container with no access to the outside network, and watches its real behavior as it executes. Fake planted credentials act as bait, drawing out any skill that tries to steal data, hide a backdoor, or perform a supply chain attack that would otherwise only appear once the code is actually running. Testing against five thousand real world skills found that roughly a quarter were flagged as unsafe, and among the suspicious ones sent through to the sandbox, about a third revealed genuine runtime threats that scanners relying only on code review missed entirely. The tool ships with its own web interface, supports scanning a single skill or a whole batch at once, offers three separate scan modes of differing depth, and produces reports pointing to specific files along with suggested fixes. It is released under the Apache 2.0 license.

Copy-paste prompts

Prompt 1
Explain what SkillWard's three scan stages each check for.
Prompt 2
Show me how to run a Quick Scan versus a Sandbox Scan on a single skill.
Prompt 3
Walk me through what a honeypot credential does inside the sandbox stage.
Prompt 4
Help me set up SkillWard's web interface for batch scanning skills.

Frequently asked questions

What is skillward?

A three stage security scanner that checks AI agent skills for malicious behavior before they are published.

What language is skillward written in?

Mainly Python. The stack also includes Python, Docker, YARA.

What license does skillward use?

Free to use, modify, and distribute, including commercially, as long as you keep the copyright notice.

How hard is skillward to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is skillward for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.