Security scanning for AI agent skills. Detects prompt injection, data exfiltration, and malicious code patterns with multi-engine analysis.
- Quick Start -- Install, configure, and run your first scan
- Overview -- System design, scanning pipeline, and risk model
- Scanning Pipeline -- How files flow through the analysis stages
- Threat Taxonomy -- AITech threat taxonomy with examples
- Binary Handling -- How compiled and binary files are processed
- Analyzer Overview -- Summary of all available analyzers
- Static Analyzer -- YAML + YARA pattern matching
- Behavioral Analyzer -- AST dataflow analysis
- LLM Analyzer -- LLM-as-a-judge semantic analysis
- Meta-Analyzer -- False positive filtering and prioritization
- Meta & External Analyzers -- AI Defense, VirusTotal, and meta-analysis
- AI Defense Analyzer -- Cisco AI Defense cloud analyzer
- Writing Custom Rules -- Author YAML signatures, YARA rules, and Python checks
- Security Model -- Threat model and security assumptions
- Remote Skills Analysis -- Scanning skills fetched from remote sources
- Feature Overview -- All scanner capabilities at a glance
- User Guide Overview -- Getting the most out of Skill Scanner
- Installation & Configuration -- Setup and environment
- CLI Usage -- Command-line interface
- Python SDK -- Programmatic scanning
- API Server -- REST API server
- API Operations -- API usage patterns
- API Endpoints Detail -- Endpoint reference
- API Rationale -- Design decisions behind the API
- Scan Policies Overview -- Policy presets and tuning
- Custom Policy Configuration -- Writing your own policy YAML
- Examples & How-To -- Common workflows and recipes
- Reference Overview -- Quick links to all reference material
- CLI Command Reference -- All commands and options
- API Endpoint Reference -- REST API endpoints
- Configuration Reference -- Environment variables and config
- Output Formats -- JSON, SARIF, Markdown, HTML, and table formats
- Policy Quick Reference -- Compact policy section and knob reference
- Dependencies & LLM Providers -- Supported providers and extras
- Development Overview -- Contributing to Skill Scanner
- Setup & Testing -- Dev environment and test suite
- Integrations -- CI/CD, GitHub Code Scanning, and more