explaingit

huta0kj/skill-scanner-agent

Analysis updated 2026-05-18

31PythonAudience · developerComplexity · 3/5LicenseSetup · moderate

TLDR

An AI powered tool that scans SKILL directories and produces written security audit reports.

Mindmap

mindmap
  root((Skill Scanner Agent))
    What it does
      Scans SKILL directories
      AI generated overview
      Code security audit
    Tech stack
      Python
      LangGraph
      LangChain
    Use cases
      Review skills before use
      Automate security first pass
      Document skill risks
    Audience
      Security reviewers
      Tool maintainers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Automatically review a SKILL directory for security risks before allowing it to run.

USE CASE 2

Generate a written overview report explaining what a skill does.

USE CASE 3

Audit script files inside a skill for code level vulnerabilities.

USE CASE 4

Produce consistent security documentation across a collection of skills.

What is it built with?

PythonLangGraphLangChainTyper

How does it compare?

huta0kj/skill-scanner-agentkkdai/linebot-multimodal-ragmarkmamed/imu-surgical-intention-perception
Stars313131
LanguagePythonPythonPython
Setup difficultymoderatehardhard
Complexity3/54/54/5
Audiencedeveloperdeveloperresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires API keys for at least one supported LLM model in config.yaml.

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

Skill Scanner Agent is an automated security auditing tool that scans SKILL directories for potential security risks. SKILL here refers to a specific type of directory structure containing a SKILL.md file and associated scripts. The tool uses AI language models to read through the directory, understand what the skill does, and then check the included script files for security vulnerabilities, producing written reports of its findings. The workflow runs in three steps. First it validates the SKILL directory and extracts basic information about it. Then an AI agent generates an overview report summarizing what the skill does from a security perspective. Finally, another AI agent reviews any script files found in the directory and produces a code security audit. Each of these steps can be handled by a different AI model, which you configure in a settings file. Reports are saved as markdown files and can be output in either English or Chinese. You would use this when you are responsible for reviewing skills or plugins before allowing them to run, and you want an automated first pass at identifying security concerns without reading every line of code yourself. It is particularly relevant for teams managing collections of SKILL-based tools and wanting consistent security documentation. The tech stack is Python with LangGraph for workflow orchestration, LangChain for AI model integration, and Typer for the command line interface.

Copy-paste prompts

Prompt 1
Show me how to configure skill-scanner-agent to use different AI models for each step.
Prompt 2
Explain what the audit_scripts step checks for in a SKILL directory.
Prompt 3
Walk me through running skill-scanner-agent against a local SKILL folder.
Prompt 4
Help me set up LangSmith tracing for skill-scanner-agent.

Frequently asked questions

What is skill-scanner-agent?

An AI powered tool that scans SKILL directories and produces written security audit reports.

What language is skill-scanner-agent written in?

Mainly Python. The stack also includes Python, LangGraph, LangChain.

What license does skill-scanner-agent use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is skill-scanner-agent to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is skill-scanner-agent for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.