100% Free · No Signup · No Rate Limits for Humans

SkillsSafe

AI Skill Security Scanner

Scan SKILL.md files, MCP configs, and system prompts for threats before installing. Detect credential theft, data exfiltration, shell injection, and hidden Unicode characters.

Supported by:OpenClawClaude CodeCursorCodex

🔒 Privacy Mode — Content stays in your browser

20+ Detection Rules

Credential theft, reverse shells, prompt injection & more

< 100ms

Client-side scanning in your browser, instant results

EN / 中文 / 日本語

The only trilingual AI skill scanner

Free MCP Server

One-line setup for OpenClaw and any MCP-compatible agent

Free · 60 requests/hour · No API key required

OpenClaw Native Support

Let your agent automatically check skill safety before installation

Add to OpenClaw in one command:

bash

openclaw mcp add skillssafe https://mcp.skillssafe.com/sse

Or add manually to your MCP config:

mcp_config.json

{
  "mcpServers": {
    "skillssafe": {
      "url": "https://mcp.skillssafe.com/sse"
    }
  }
}

Available MCP Tools:

▸scan_skill({ url }) — Scan a skill by URL
▸scan_skill({ content }) — Scan skill content directly
▸get_report({ scan_id }) — Get full report

Example agent conversation:

You:

帮我安装 code-review-helper 技能

Agent:

正在通过 SkillsSafe 扫描安全性...

⚠️ BLOCK: 检测到 3 个严重威胁 • 凭证窃取 (SS-001) • 数据外传 (SS-010) • 提示注入 (SS-030) → https://skillssafe.com/report/ss_a3f8c901

Agent:

建议：不要安装此技能，存在严重安全风险。

Also supported:

OpenClaw ✓Claude CodeCursorCodexAny MCP Agent