All activity
April Elevenleft a comment
Hi Product Hunt! š Iām the maker of SkillRisk. I built this tool after hearing a horror story: A developer installed a "Pro Color Picker" skill for their agent. It looked innocent, but hidden in version 2.1 was a background thread scanning for AWS keys. It spun up 200 GPU instances and cost them $54,000 in a single weekend. šø It hit me: We treat AI "Skills" like innocent plugins, but they are...
SkillRiskSecurity scanner for Claude Code & MCP skills.
SkillRisk is a static security analyzer designed for AI Agent Skills (focusing on Claude Code & MCP).
It parses skill definitions (JSON/YAML) to instantly detect:
š”ļø Privilege Escalation: Spots unchecked sudo or root access.
š Injection Risks: Finds arguments vulnerable to command injection.
šµļø Malicious Hooks: Identifies hidden execution scripts (like PreToolUse hijacking).
100% Local-First & Static. We don't execute your code; we audit it. Secure your Agent workflow in seconds.
SkillRiskSecurity scanner for Claude Code & MCP skills.