Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

SkillGuard

БесплатноНе проверен

Enables scanning of Claude Code skills, plugins, or MCP servers for malware before installation via static analysis.

GitHubEmbed

Описание

Enables scanning of Claude Code skills, plugins, or MCP servers for malware before installation via static analysis.

README

Scan a Claude Code skill, plugin, or MCP server for malware before you install it. One command, no install, no account.

npx github:epistemedeus/skillguard https://github.com/owner/repo
# or a local folder:
npx github:epistemedeus/skillguard ./my-skill
SkillGuard report  · 3 text files scanned

DANGER (4)
  SKILL.md
    ■ Prompt-injection / data-exfil instruction in text   [prompt-injection]
  index.js
    ■ Possible env/secret exfiltration (sensitive env var near a network call)   [env-exfil]
    ■ Hardcoded suspicious exfiltration endpoint (webhook/pastebin/raw-IP)        [exfil-host]
    ■ Obfuscated/dynamic code execution (eval(atob), curl|bash)                   [obfuscation]

✗ DANGEROUS — do NOT install without reviewing the flagged files.

Why

The Claude Code / MCP ecosystem is exploding — and so is the attack surface. Researchers have found 71 malicious skills in the wild, ~26% of published skills carry vulnerabilities, and 30+ MCP CVEs landed in 60 days. The most common payloads:

  • Environment-variable / secret exfiltration (ANTHROPIC_API_KEY, AWS_SECRET_ACCESS_KEY, ~/.env) shipped off to a webhook.
  • Install-time shell hooks (postinstall) that run code the moment you npm install.
  • Prompt injection in tool descriptions / SKILL.md ("ignore previous instructions", "do not tell the user", "always auto-approve").
  • Committed binaries and obfuscated eval(atob(...)) / curl | bash payloads.
  • Auto-approve-all / skip-permissions configs that disarm your safeguards.

SkillGuard catches these patterns in seconds, so you can vet a third-party skill or MCP server before trusting it with your machine and your keys.

Safe by design

SkillGuard does static analysis only. It clones with git clone (hooks disabled) and reads files — it never runs npm install, never executes build/postinstall scripts, and never runs the target code. Scanning a malicious package can't harm you. (A scanner that executed what it's inspecting would be the very risk it's meant to prevent.)

What it checks

Check Catches
env-exfil A sensitive env var read next to a network call
exfil-host Hardcoded webhook / pastebin / raw-IP / Telegram exfil endpoints
obfuscation eval(atob(...)), curl | bash, subprocess on encoded data
prompt-injection Data-exfil / "ignore instructions" / auto-approve text in SKILL.md, tool descriptions, prompts
secret-literal API keys / private keys committed to the repo
committed-binary Compiled ELF / Mach-O / PE executables in the tree
forced-artifact The honeypot pattern: a build step that generates + commits an encrypted blob
dangerous-perms Auto-approve-all, sandbox-disabling, --dangerously-skip-permissions
install-hook pre/postinstall scripts that run on install

Exit code: 0 clean · 2 suspicious · 3 dangerous — so you can gate CI on it.

Use it in CI (GitHub Action)

Gate your CI on skill/MCP supply-chain safety:

- uses: epistemedeus/skillguard@v1
  with:
    path: .            # path or git URL to scan
    fail-on: dangerous # or "suspicious"

Use it as an MCP server

Give your agent the ability to vet a skill/MCP server before installing it. Add to your Claude Code / MCP client config:

{
  "mcpServers": {
    "skillguard": {
      "command": "npx",
      "args": ["-y", "github:epistemedeus/skillguard", "mcp"]
    }
  }
}

It exposes one tool, scan_skill(target), where target is a local path or a git/GitHub URL. Your agent can then check anything it's about to install. (Static-only — it never runs the scanned code.)

Show that you passed

If your skill or MCP server comes back clean, earn a badge for your README:

npx github:epistemedeus/skillguard . --badge

It prints a Markdown badge you can paste in — a signal to your users that you ran a malware scan:

SkillGuard: no known malware

Free vs. paid

The CLI is free and MIT-licensed — run it as often as you like. If you install third-party skills/MCPs regularly and want to stop worrying:

  • One-time deep audit ($29) — we manually review a skill/MCP/plugin you're about to depend on and send you a written risk report, same day.
  • Watch mode ($12/mo) — we re-scan the skills + MCP servers you depend on every time they ship an upstream release, and alert you the moment new risk appears (the rug-pull / mutable-tool problem).

samedaydesk.com/skillguard

Limitations

Heuristics catch known-bad patterns; a determined, novel attack can evade any static scanner. SkillGuard is a fast first line of defense, not a guarantee. Always review code from untrusted authors.


MIT · by SameDayDesk · issues + PRs welcome.

from github.com/epistemedeus/skillguard

Установить SkillGuard в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install skillguard

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add skillguard -- npx -y skillguard

FAQ

SkillGuard MCP бесплатный?

Да, SkillGuard MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для SkillGuard?

Нет, SkillGuard работает без API-ключей и переменных окружения.

SkillGuard — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить SkillGuard в Claude Desktop, Claude Code или Cursor?

Открой SkillGuard на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare SkillGuard with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development