- 30,000+ skills scanned to date
- 148 security checks per scan
- 3/day free scans for every user
- <60s average scan time
How It Works
- Paste a GitHub URL — Enter a public GitHub repository URL containing AI skills or MCP server code.
- Automated security audit — The scanner runs 148 checks across credential exposure, data exfiltration, prompt injection, SSRF, privilege escalation, and supply chain integrity.
- Get your Security Score — Receive a composite score (0-100) with severity ratings, detailed findings, and prioritized remediation guidance.
What We Scan
- Credential Exposure — Detect leaked API keys, secrets, tokens, and credentials in skill definitions and configs.
- MCP Server Security — Detect data exfiltration and reverse shell attempts in MCP tool definitions.
- Prompt Injection — Identify system prompt manipulation and instruction override vulnerabilities.
- SSRF Vulnerabilities — Detect server-side request forgery risks in tool endpoints and fetch patterns.
- Supply Chain Integrity — Verify dependency safety, known CVEs, and package manifest integrity.
- Privilege Escalation — Identify unsafe permission patterns and excessive scope requests.
Trust & Transparency
- No data stored — Scan results are not persisted beyond your session.
- Isolated execution — Every scan runs in a sandboxed container.
- End-to-end encryption — All scan traffic is encrypted in transit.
- OWASP aligned — Security checks follow the OWASP MCP Top 10 framework.
Frequently Asked Questions
What does the free AI Skills Security Scanner check?
The scanner checks for credential exposure, data exfiltration vectors, prompt injection vulnerabilities, unsafe tool definitions, SSRF risks, privilege escalation, and supply chain integrity — aligned with the OWASP MCP Top 10.
How many scans can I run for free?
Every registered user gets 3 free scans per day. No credit card is required. Each free scan runs the full audit pipeline, with detailed findings and remediation guidance.
How does the scanner work technically?
Parallel sub-agents analyze multiple security dimensions simultaneously. Results are compiled into a composite Security Score (0-100) with a prioritized remediation plan.
Is my data safe during the scan?
Yes. All scans run in isolated containers with no data persistence. Scan traffic is encrypted end-to-end.
What types of GitHub repositories can I scan?
Any public GitHub repository. The scanner analyzes SKILL.md, README.md, mcp.json, and package.json files automatically.