Skill Inspector
Audit your AI agent skills to avoid malware
Skill Inspector provides a command‑line tool that examines AI agent skills for security problems before they are installed. It can scan skill folders directly or discover agents, MCP servers, and skills across environments such as Claude Code/Desktop, Cursor, Gemini CLI, and Windsurf. The scanner looks for prompt‑injection patterns, hidden instructions, malicious code, backdoors, data‑exfiltration attempts, and suspicious download sources, reporting findings to the user.
The tool is aimed at developers and security practitioners who build, deploy, or maintain AI agents and their associated skill libraries. By analysing the supply chain of an agent, it helps identify risks like credential exposure, supply‑chain attacks, and unsafe external dependencies that have been observed in thousands of publicly available skills.
Skill Inspector is distributed via PyPI and relies on the `uv` package manager. It supports local use as well as enterprise deployment through MDM integration and Snyk’s EVO platform, offering observability for larger installations. The project is experimental and includes a research paper describing its analysis of nearly 4,000 agent skills.