Skill Security Checker

Skill Security Recommended

Security audit tool for Claude Code skills with 26 detection categories: prompt injection, data exfiltration, reverse shells, privilege escalation, runtime defense hooks, plugin manifest inspection, and Semgrep validation.

1 star | MIT (commercial OK) | Free | Quick setup

36% of community skills have security flaws per Snyk audit. A purpose-built scanner for Claude Code skills addresses the exact gap this observatory exists to fill — evaluating whether skills are safe before deploying them to clients.

Enterprise consultants and IT administrators evaluating community skills before deploying them to client environments — and security teams auditing their own skill development.

Claude Code Claude Cowork Claude Chat

https://www.npmjs.com/package/claude-code-skill-security-che...

By aliksir

How to Get It

Option 1: Claude Desktop App (Code Mode)
Click the + button next to the prompt box → Plugins → Add plugin. Search and click Install. Skills work in Claude Code only.
Option 2: Paste into Claude Code
Copy the command below and paste it into your conversation. Claude will install it.
Command
npx claude-code-skill-security-check

Tip: Paste this into a Claude Code conversation. Verify command matches your Claude Code version.

Time to functional: 5 minutes
Cost: Free

Trust Signals Source Reviewed

Stars: 1
Contributors: 1
Last updated: 2026-03-28
License: MIT (OK for commercial use)
Weekly downloads: 56
Known CVEs: None found

Data & Access

Data processing: Prompts sent to Anthropic API. Enterprise/Team plans exclude training.

Community Pulse Growing

Discussed on Reddit

5 mentions across 1 source

Reviewer notes

Source Reviewed review. These are observations, not a security certification.

Production-grade security scanner with 26 detection categories. Active maintenance, 274 weekly downloads, clear documentation and GitHub repo with detailed threat models. Directly addresses the core problem this observatory was built to solve.

Tool is designed to defend against skill-borne attacks. Zero runtime credential exposure. Community maintainer (aliksir) with demonstrated security expertise. Low download dependencies. Actively maintained with clear threat model documentation.

2026-04-02: LIMITATION: Extremely early stage (1 star, published March 28, 2026). The 26-category scanner hasn't been community-validated and may have significant false positive/negative rates. Treat as experimental.

Things to check

  • Single maintainer. Consider the risk if this person stops maintaining the project.

Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.

Evaluation

Ease of Use: 5/5
Versatility: 4/5
Reliability: 5/5
Security: 5/5
Overall score: 4.75 / 5.00 (Recommended)
Evaluated: Mar 2026