Agent Skills Guard™

The industry standard for AI Agent security. We verify every skill against 45 strict rules across 8 risk categories.

How Grading Works

Grade | Label           | Score
A     | Safe & Verified | 90-100
B     | Low Risk        | 70-89
C     | Caution         | 50-69
F     | Dangerous       | Below 50, or any Critical Risk finding

1. Remote Code Execution (RCE)

Skills that execute arbitrary code from user input or external sources.

Critical Risk
  • No use of `eval()` or `exec()` with untrusted input
  • No dynamic import (`__import__()`, `importlib.import_module()`) of modules named by user input
  • No deserialization of untrusted data (e.g. `pickle.load()`, `pickle.loads()`)
  • No runtime compilation of code strings (e.g. `compile()`)

2. Command Injection

Skills that execute shell commands that could be manipulated.

Critical Risk
  • No use of `os.system()` (or `os.popen()`)
  • No `subprocess.run()`, `Popen()`, or related calls with `shell=True`
  • Arguments must be passed as an argv list; if a shell string is unavoidable, every value must be escaped with `shlex.quote()`
  • No building pipelines (`|`) from variable content
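The two categories above are what a static checker can test for directly. The following is an added example of such a check, written for this page; it is not the Agent Skills Guard scanner's own code, and the two sample skills (`VULNERABLE_SKILL`, `HARDENED_SKILL`) are constructed for the demonstration. It walks the Python AST of a skill, reports calls to code-execution and shell sinks, and accepts the hardened rewrite that passes argv as a list:

```python
"""Static check for the RCE and command-injection rules above (added example)."""
import ast

# Sinks keyed by the dotted name as written in the source. Bare names are
# Python builtins. Aliased imports ("from os import system as run") are a
# known gap of this name-based matcher; see the note after the code.
RCE_SINKS = {"eval", "exec", "compile", "__import__",
             "importlib.import_module", "pickle.load", "pickle.loads"}
SHELL_SINKS = {"os.system", "os.popen"}
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen"}

# Constructed sample skills (not from the page). The first violates four
# rules; the second does the same job and passes the check.
VULNERABLE_SKILL = '''
import os, pickle, subprocess
def handle(request):
    result = eval(request["expression"])
    os.system("ls " + request["path"])
    subprocess.run(f"grep {request['pattern']} notes.txt", shell=True)
    obj = pickle.loads(request["blob"])
    return result, obj
'''
HARDENED_SKILL = '''
import json, subprocess
def handle(request):
    result = json.loads(request["expression"])
    subprocess.run(["ls", "--", request["path"]], check=True)
    subprocess.run(["grep", "--", request["pattern"], "notes.txt"], check=True)
    return result
'''


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for other callees."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def scan_source(src):
    """Return [(lineno, message), ...] for each sink call, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        first = node.args[0] if node.args else None
        kwargs = {k.arg: k.value for k in node.keywords}
        if name in RCE_SINKS:
            # eval("1+1") or import_module("json") cannot carry attacker input;
            # pickle.load(s) is flagged regardless, its input is never a literal.
            if name not in ("pickle.load", "pickle.loads") and _is_str_literal(first):
                continue
            findings.append((node.lineno, f"RCE sink {name}()"))
        elif name in SHELL_SINKS:
            findings.append((node.lineno, f"shell command via {name}()"))
        elif name in SUBPROCESS_FUNCS:
            shell = kwargs.get("shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                findings.append((node.lineno, f"{name}(shell=True)"))
            elif isinstance(first, (ast.JoinedStr, ast.BinOp)):
                # f-string or concatenation: command line assembled from variables
                findings.append((node.lineno, f"{name}() command built from variables"))
    return sorted(findings)


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SKILL), ("hardened", HARDENED_SKILL)):
        print(f"{label}: {scan_source(src) or 'no findings'}")
```

Two caveats for anyone adapting this: matching on dotted names misses aliased imports and attribute lookups done through variables, so a real scanner should resolve imports first; and `subprocess.run(["sh", "-c", cmd])` is `shell=True` by another route, so an argv list whose first element is a shell interpreter deserves the same verdict.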

3. Destructive Operations

Operations that can permanently delete or modify critical system files.

High Risk
  • No `rm -rf` or recursive delete commands
  • No overwriting of system configuration files
  • No modification of boot records or startup scripts
  • No raw disk writes

4. Network Exfiltration

Unauthorized transmission of data to external servers.

High Risk
  • No sending local file contents to arbitrary URLs
  • No embedding of tracking pixels or telemetry without consent
  • No uploading of `.env` or credential files
  • Network requests must be to whitelisted domains (for Verified skills)
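The whitelisted-domains rule is only as good as the comparison behind it. The block below is an added example of enforcing it at runtime (not code from the Agent Skills Guard scanner; the allowlist `ALLOWED_HOSTS` and the probe URLs are constructed for the demonstration). It puts a substring check next to a parse-based one so the bypasses are visible: an allowed host used as userinfo, as a leading subdomain label of an attacker's domain, or in the query string all slip past the naive check, and the naive check also rejects a legitimate URL that differs only in case and explicit port:

```python
"""Runtime enforcement of the 'whitelisted domains' rule (added example)."""
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical Verified skill (not from the page).
ALLOWED_HOSTS = {"api.example.com", "cdn.example.net"}


def naive_is_allowed(url, allowed=ALLOWED_HOSTS):
    """Substring match: the check that looks right and is trivially bypassed."""
    return any(host in url for host in allowed)


def is_allowed_url(url, allowed=ALLOWED_HOSTS, allow_subdomains=False):
    """Allow only https URLs whose parsed hostname is (or is under) an allowed host."""
    parts = urlsplit(url)
    if parts.scheme != "https":            # plaintext HTTP exposes the payload in transit
        return False
    if parts.username is not None or parts.password is not None:
        return False                       # "https://api.example.com@evil.example/" trick
    host = parts.hostname                  # lowercased; userinfo, port and brackets stripped
    if not host:
        return False
    if host in allowed:
        return True
    # Suffix match must include the dot, or "api.example.com.evil.example" would pass.
    return allow_subdomains and any(host.endswith("." + a) for a in allowed)


# Constructed probes: each is a way a skill might try to reach a non-allowlisted host.
PROBES = [
    "https://api.example.com/v1/upload",                 # legitimate
    "http://api.example.com/v1/upload",                  # plaintext
    "https://api.example.com@evil.example/upload",       # allowed host as userinfo
    "https://api.example.com.evil.example/upload",       # allowed host as subdomain label
    "https://evil.example/collect?src=api.example.com",  # allowed host in the query
    "https://API.Example.com:443/v1/upload",             # case/port variation, legitimate
]


def compare_checks(urls=PROBES):
    """Return {url: (naive_verdict, strict_verdict)} for each probe."""
    return {u: (naive_is_allowed(u), is_allowed_url(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in compare_checks().items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

Apply the check to every hop, not just the first request: an HTTP client that follows redirects automatically will happily leave the allowlist on a 302, so either disable automatic redirects or re-run `is_allowed_url` on each `Location`. A hostname allowlist also says nothing about where DNS resolves, so it complements egress filtering rather than replacing it.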

5. Sensitive File Access

Reading files that may contain secrets or personal data.

Medium Risk
  • No reading of the `~/.ssh` directory
  • No accessing `.aws`, `.azure`, or gcloud (`~/.config/gcloud`) credential folders
  • No reading `/etc/passwd`, `/etc/shadow`, or other system files
  • No accessing browser history databases
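Checking a path against the locations above is harder than a string prefix comparison: `~/Documents/../.aws/credentials` and a symlink that points into `~/.ssh` both reach a protected file without containing the protected name. The block below is an added example of the check done on canonical paths (it is not the scanner's own code; the `PROTECTED` list follows the rules above, the home directory `/home/skilluser` is a constructed value, and `symlink_demo` builds a throwaway directory tree to show the symlink case):

```python
"""Path check for the sensitive-file rules above (added example, not the scanner's code)."""
import os
import tempfile
from pathlib import Path

# Locations the rules name. Home-relative entries are expanded against the
# home directory passed to the check, so the result does not depend on $HOME.
PROTECTED = ["~/.ssh", "~/.aws", "~/.azure", "~/.config/gcloud",
             "/etc/passwd", "/etc/shadow"]


def naive_is_protected(path):
    """String-prefix check: misses '..' traversal and symlinks, hits '~/.sshfs'."""
    return any(path.startswith(p) for p in PROTECTED)


def _canonical(path, home):
    """Expand ~ against `home`, then resolve symlinks and '..' via realpath."""
    if path == "~" or path.startswith("~/"):
        path = str(Path(home) / path[2:])
    return Path(os.path.realpath(path))


def is_protected_path(path, home):
    """True if `path` resolves to, or inside, a protected location."""
    target = _canonical(path, home)
    for entry in PROTECTED:
        protected = _canonical(entry, home)
        # Compare path components, not strings: '/home/x/.sshfs' is not under '/home/x/.ssh'.
        if target == protected or protected in target.parents:
            return True
    return False


def symlink_demo():
    """Create a throwaway home where ~/notes -> ~/.ssh and check an access through
    the alias. Returns (naive_verdict, canonical_verdict)."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        (home / ".ssh").mkdir(parents=True)
        (home / "notes").symlink_to(home / ".ssh")
        alias = str(home / "notes" / "id_rsa")
        return naive_is_protected(alias), is_protected_path(alias, home)


if __name__ == "__main__":
    home = "/home/skilluser"  # constructed; only used to expand "~"
    for p in ["~/.ssh/id_ed25519", "/home/skilluser/Documents/../.aws/credentials",
              "~/.sshfs/mount", "/etc/hostname"]:
        print(f"{p}: naive={naive_is_protected(p)} canonical={is_protected_path(p, home)}")
    print("symlink alias caught (naive, canonical):", symlink_demo())
```

Note that `os.path.realpath` is a point-in-time answer; a skill can still race the check by swapping a symlink between the test and the `open()`. Where that matters, open the file first and check the path of the resulting descriptor, or run the skill in a sandbox that simply has no access to these directories.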

6. Secrets Leakage

Hardcoding or logging of API keys and passwords.

Medium Risk
  • No hardcoded API keys in source code
  • No logging of environment variables
  • No printing secrets to stdout/stderr
  • No committing `.env` files
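The four rules above split into two kinds of check: pattern-matching the source for credentials and for statements that push secrets into output, and scrubbing whatever does reach a log at runtime. The block below is an added example of both (not the Agent Skills Guard scanner's code). `SAMPLE_SOURCE` is a constructed skill; the AWS key in it is Amazon's documentation example, the other values are fakes, and the regular expressions cover two well-known token formats plus a generic `name = "literal"` assignment:

```python
"""Secret detection and log redaction for the rules above (added example)."""
import io
import logging
import re

# Constructed source of a hypothetical skill. Every secret-shaped value is a
# documented example or a fake; the AWS key is Amazon's own documentation sample.
SAMPLE_SOURCE = '''
import os
API_KEY = "sk_live_EXAMPLE0123456789abcdefghijkl"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
print(os.environ)
logger.info("auth header: %s", headers["Authorization"])
token = os.environ.get("API_TOKEN")
'''

# Well-known credential formats plus a generic "name = 'literal'" assignment.
SECRET_PATTERNS = {
    "aws access key id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "hardcoded credential assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|passw(?:or)?d)\s*=\s*['\"][^'\"]{8,}['\"]"),
}
# Source lines that push secrets into stdout/stderr or a log.
LEAK_PATTERNS = {
    "environment dumped to output": re.compile(
        r"\b(?:print|logg(?:er|ing)\.\w+)\(.*\bos\.environ\b"),
    "authorization header logged": re.compile(
        r"(?i)\b(?:print|logg(?:er|ing)\.\w+)\(.*authorization"),
}


def find_secrets(src):
    """Return sorted [(lineno, label)] for each secret or leak pattern matched."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        for label, pattern in {**SECRET_PATTERNS, **LEAK_PATTERNS}.items():
            if pattern.search(line):
                findings.append((lineno, label))
    return sorted(findings)


def redact(text):
    """Replace anything matching a credential format with a labelled placeholder."""
    for label, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(f"[REDACTED {label}]", text)
    return text


class RedactingFilter(logging.Filter):
    """Format the record early and scrub it, so the handler never sees the raw secret."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def render_log_line(message, *args):
    """Emit one record through a redacting handler and return the text it produced."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("skill.example")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info(message, *args)
    handler.flush()
    return buf.getvalue().rstrip("\n")


if __name__ == "__main__":
    for lineno, label in find_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {label}")
    print(render_log_line("using key %s", "AKIAIOSFODNN7EXAMPLE"))
```

Format-based regexes catch tokens with a recognisable shape; a generic API key is a random string and will only be found by the assignment rule or an entropy check. The redacting filter is the runtime backstop for the "no printing secrets" rule, and because it scrubs before formatting it also covers `logger.info("key=%s", key)` where the secret arrives as an argument rather than in the template.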

7. Persistence & Backdoors

Mechanisms that allow the skill to persist or re-execute without user knowledge.

High Risk
  • No creation of cron jobs or scheduled tasks
  • No adding shell aliases or functions to shell startup files (e.g. `~/.bashrc`)
  • No installing background services or daemons
  • No auto-starting on system boot

8. Privilege Escalation

Attempts to gain root or administrator privileges.

Critical Risk
  • No use of `sudo` or `su` commands
  • No loosening of file permissions (e.g. `chmod 777`)
  • No Windows UAC bypass attempts
  • No container escape techniques

Protect Your Team Today

Don't let unverified skills compromise your infrastructure. Use our free scanner or apply for enterprise verification.
