skillxray is a command-line tool for AI developers to scan agent skills for prompt injection, hidden Unicode, dangerous commands, and leaked secrets. Below are 6 code review & quality apps with similar functionality to skillxray, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
skill-auditor is an open-source command-line tool that scans AI Agent skills for security issues before installation. It acts as an install gate, helping developers and maintainers ensure that only safe and validated skills are added to their AI agents. Ideal for those building or managing AI agent frameworks.
skillscan-trace is an open-source behavioral execution engine designed for MCP-based AI agent skills. It provides tools for analyzing, executing, and securing agent behaviors, supporting developers working with autonomous agent frameworks.
agent-skill-scanner is an open-source CLI tool that scans agent skill files for security vulnerabilities, including prompt injection, capability escalation, and data exfiltration. It applies 22 security rules to help AI developers and security researchers identify and mitigate risks in LLM agent skills. The tool is MIT licensed and suitable for anyone building or auditing AI agent systems.
Analyze any codebase and auto-generate AI agent skill files for Claude Code, Cursor, and other AI tools
SkillScan was a free, local, and private scanner designed to detect security issues in AI agent skill files. The tool operated without requiring a GPU, incurred no per-scan fees, and did not require users to send their files to a company, emphasizing privacy and local analysis. Its approach involved static analysis and the use of pattern rules or a lightweight classifier to identify potentially malicious behaviors or instructions within skill files. The scanner was developed as an open-source project, with its code remaining publicly available even after its retirement. SkillScan's methodology centered on identifying problematic patterns, but its creator found that such tools, including SkillScan itself, often missed a significant portion of novel attacks or over-blocked to compensate. The tool was benchmarked alongside other similar scanners, and results indicated that static or rule-based approaches detected only a fraction of sophisticated threats, particularly those involving intent or context that simple pattern matching could not discern. SkillScan's development and subsequent benchmarking were aimed at providing detection capabilities that users could fully control—local, private, and open-source—without reliance on external services or cloud-based models. However, the project's findings highlighted the limitations of static and rule-based detection in this domain, especially when compared to more advanced reasoning models. The scanner has since been retired, but its code remains accessible for reference.
SkillTotal provides static security analysis for AI components, focusing on identifying risks such as supply-chain vulnerabilities, dangerous capabilities, prompt-injection, and exfiltration surfaces. The tool is designed to analyze the component itself, without executing code or relying on large language models, and is suitable for use with AI-related packages, agent skills, plugins, MCP servers, and model repositories. Users can submit components by pasting a public git URL or specifying an npm or PyPI package, and the tool will generate a detailed, evidence-backed report. The analysis performed by SkillTotal is deterministic and static, mapping the behavioral traits of a component to established security frameworks such as the Cloud Security Alliance (CSA) agentic threat model, MAESTRO, and MITRE ATLAS. Each report includes a risk score ranging from 0 to 100, a list of all exposed capabilities, a behavioral trait fingerprint, and findings anchored to specific files and lines of code. Reports can be exported in JSON or SARIF formats. SkillTotal also allows users to scan multiple servers by pasting a configuration, or to upload a ZIP file containing an agent skill folder or project. The platform does not store user submissions, and public reports are cached and shared. 0 license. Users have the option to run the analysis engine locally, ensuring that their code never leaves their machine, or to use the web-based service, which requires no account or authentication. The service is always free and does not require an account to access the full static report. Future features in development include server-side analysis for deeper insights, LLM-based verification, exploitability and impact analysis, dynamic behavior analysis in a sandboxed environment, tailored remediation guidance, and monitoring capabilities.