MRT-8

skillray

# Install this skill

```bash
npx skills add MRT-8/SkillRay
```

Or install directly from the repository URL:

```bash
npx add-skill https://github.com/MRT-8/SkillRay
```

# Description

Scan AI skills, MCP tools, and agent scripts for security threats. Use when the user asks to "scan for security issues", "check skill safety", "audit this skill", or "run skillray".

# SKILL.md

---
name: skillray
description: Scan AI skills, MCP tools, and agent scripts for security threats. Use when the user asks to "scan for security issues", "check skill safety", "audit this skill", or "run skillray".
---

## SkillRay: AI Skill Security Scanner

You are a security analysis assistant powered by SkillRay v2.0. When asked to scan files or directories for security issues, follow these steps:

### Steps

1. Run the scanner on the target path:

   ```bash
   uvx skillray <PATH> --format json --quiet
   ```

   If `uvx` is not available, try:

   ```bash
   python3 -m skillray <PATH> --format json --quiet
   ```

2. Parse the JSON output and present the findings to the user in a clear, conversational format:
   - Group findings by severity (Critical first, then High, Medium, Low)
   - For each finding, explain what was detected and why it is a risk, give the specific file and line number, and suggest a concrete fix
   - Summarize the overall security posture

3. If the user asks, offer to auto-fix simple issues (such as removing hardcoded secrets or replacing `shell=True` with an argument list).
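Steps 1 and 2 as one runnable script, added here as an example; it is not code from the SkillRay project. The report schema it parses (a top-level `findings` list whose items carry `rule_id`, `severity`, `file`, `line`, `message` and `fix`) is an assumption, because the page does not document SkillRay's JSON layout, and so is the mapping of a `--fail-on` threshold to exit code 1. The embedded report is constructed sample data, used whenever no scanner is installed.

```python
"""Run skillray (or fall back to a constructed report), group findings by
severity and render the summary the SKILL.md steps ask for.

Added example, not SkillRay's own code. The JSON shape below is assumed."""
import json
import shutil
import subprocess
from collections import OrderedDict

SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"]

# Constructed sample report in the assumed schema.
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"rule_id": "SR-EXEC-002", "severity": "high", "file": "tool.py", "line": 14,
         "message": "subprocess call with shell=True",
         "fix": "pass an argument list and drop shell=True"},
        {"rule_id": "SR-CRED-001", "severity": "critical", "file": "config.py", "line": 3,
         "message": "hardcoded AWS access key",
         "fix": "load the key from the environment or a secret store"},
        {"rule_id": "SR-SUPPLY-003", "severity": "medium", "file": "requirements.txt", "line": 1,
         "message": "unpinned dependency", "fix": "pin to an exact version"},
    ]
})


def run_skillray(path):
    """Step 1: try uvx first, then python3 -m skillray (the two commands the
    SKILL.md lists). Returns raw JSON text; falls back to the sample report when
    neither command produces output."""
    if shutil.which("uvx"):
        cmd = ["uvx", "skillray", path, "--format", "json", "--quiet"]
    else:
        cmd = ["python3", "-m", "skillray", path, "--format", "json", "--quiet"]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
    except (OSError, subprocess.TimeoutExpired):
        return SAMPLE_REPORT
    return proc.stdout or SAMPLE_REPORT


def group_by_severity(report_json):
    """Step 2: bucket findings in Critical -> Info order; unknown severities sort last."""
    findings = json.loads(report_json).get("findings", [])
    groups = OrderedDict((sev, []) for sev in SEVERITY_ORDER)
    for f in findings:
        sev = str(f.get("severity", "info")).lower()
        groups.setdefault(sev, []).append(f)
    return groups


def exit_code_for(groups, fail_on):
    """Assumed --fail-on semantics: exit 1 if any finding is at or above the threshold."""
    cutoff = SEVERITY_ORDER.index(fail_on.lower())
    for sev in SEVERITY_ORDER[: cutoff + 1]:
        if groups.get(sev):
            return 1
    return 0


def render(groups):
    """Severity-grouped report: what, where, how to fix, then the overall posture."""
    lines = []
    total = sum(len(v) for v in groups.values())
    for sev, items in groups.items():
        if not items:
            continue
        lines.append(f"{sev.upper()} ({len(items)})")
        for f in items:
            lines.append(f"  {f.get('rule_id', '?')} {f.get('file', '?')}:{f.get('line', '?')}"
                         f" - {f.get('message', '')}")
            lines.append(f"    fix: {f.get('fix', 'n/a')}")
    worst = next((s for s in SEVERITY_ORDER if groups.get(s)), None)
    lines.append(f"Posture: {total} finding(s); worst severity {worst or 'none'}.")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    groups = group_by_severity(run_skillray(target))
    print(render(groups))
    sys.exit(exit_code_for(groups, "high"))
```

Running it with a path attempts a real scan and prints the grouped summary; without skillray installed it demonstrates the grouping and threshold logic on the constructed report.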

### Capabilities

SkillRay detects 9 categories of threats:
- Prompt Injection: Hidden instructions, role overrides, invisible Unicode
- Tool Poisoning: Hidden behaviors in tool descriptions, MCP overrides
- Credential Theft: Hardcoded keys, env var exfiltration, SSH key access
- Data Exfiltration: Sensitive reads + network sends, DNS tunneling
- Supply Chain: Typosquatting, runtime installs, unpinned deps
- Privilege Escalation: sudo, container escape, security bypass
- Obfuscation: Base64/hex encoded payloads, string concat tricks
- Destructive Ops: rm -rf, disk format, git history destruction
- Code Execution: eval/exec, shell=True, download-and-execute

### Output Formats

- `--format text`: rich terminal output (default)
- `--format json`: machine-readable JSON
- `--format sarif`: SARIF for GitHub Code Scanning
- `--format md`: Markdown for PR comments
- `--lang zh`: Chinese output

# README.md

## SkillRay

AI Skill Security Scanner. Scan AI skills for security threats before they scan your secrets.



### Why SkillRay?

36.82% of AI skills contain security defects (Snyk ToxicSkills, 2024). As AI agents gain tool-use capabilities, a single malicious skill can steal credentials, exfiltrate data, or compromise entire systems.

SkillRay is a lightweight, offline, multi-engine static analyzer purpose-built for AI skill security: no ML models, no API keys, no YARA C dependencies.

### Features

- 5 Detection Engines: Regex, AST, Entropy, Dataflow, Prompt analysis
- 37+ Security Rules across 9 threat categories
- 5-Level Severity: Critical / High / Medium / Low / Info
- Beautiful Terminal Output: rich tables, colors, progress indicators
- Multiple Output Formats: Text, JSON, SARIF, Markdown
- Claude Code Skill: native integration as a Claude Code skill
- Bilingual: English and Chinese output (`--lang zh`)
- Zero ML Dependencies: only requires `rich` (~3MB)
- Offline & Fast: no API calls, scans in milliseconds

### Architecture

(Architecture diagram: "SkillRay Architecture")

### Quick Start

```bash
# Install
pip install skillray
# or
uvx skillray

# Scan current directory
skillray .

# Scan with CI fail threshold
skillray ./skills --fail-on high

# JSON output for automation
skillray . --format json --output report.json

# Chinese output
skillray . --lang zh
```

### Threat Categories

| Category | Rules | Engine | Example Threats |
|---|---|---|---|
| SR-PROMPT | 5 | Prompt | Hidden instructions, role override, invisible Unicode |
| SR-TOOL | 3 | Prompt | Tool poisoning, MCP override, hidden behaviors |
| SR-CRED | 5 | Entropy + Regex | Hardcoded keys (AWS/GitHub/OpenAI), env var theft |
| SR-EXFIL | 4 | Dataflow + Regex | Sensitive read + network send, DNS tunneling |
| SR-SUPPLY | 4 | Regex + AST | Typosquatting, runtime installs, unpinned deps |
| SR-PRIV | 4 | Regex | sudo, container escape, security bypass |
| SR-OBFUSC | 5 | Regex + Prompt | Base64/hex payloads, homoglyphs, string concat |
| SR-DESTRUCT | 3 | Regex | rm -rf, disk format, git history destruction |
| SR-EXEC | 4 | AST + Regex | eval/exec, shell=True, download-and-execute |

### Detection Engines

| Engine | Target Files | Dependencies | Purpose |
|---|---|---|---|
| RegexEngine | All | stdlib `re` | Pattern matching (~60 patterns) |
| ASTEngine | .py | stdlib `ast` | Python AST analysis, eliminates comment/string false positives |
| EntropyEngine | All | stdlib `math` | Shannon entropy + ~15 known key formats |
| DataflowEngine | .py / shell | stdlib `ast` | Lightweight taint tracking: source → sink |
| PromptEngine | .md / SKILL.md | stdlib | Prompt injection heuristics |
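To make the engine table concrete, here are miniature versions of three of the engines, written for this page and not taken from the SkillRay code base: a line regex, an AST walk for `shell=True`, and an entropy check paired with a known key format. It shows why the AST pass "eliminates comment/string false positives" (the regex hits a docstring and a comment as well as the real call) and why the entropy engine needs known formats too (an AWS-style access key ID has ordinary entropy and is caught by its `AKIA` format, while a random token matches no format and is caught by entropy). The rule names, the 4.5 bits/char threshold and the 20-character minimum are assumptions chosen for the demo; the sample file is constructed and uses Amazon's documented example key ID.

```python
"""Mini regex / AST / entropy engines over a constructed sample skill file.

Added example, not SkillRay's own implementation; thresholds and rule names
are assumptions."""
import ast
import math
import re
from collections import Counter

# Constructed sample: shell=True appears in a docstring, a comment and one
# real call; plus an AWS-format key ID and a random-looking 32-char token.
SAMPLE_PY = '''
"""Helper that never uses shell=True, honest."""
import subprocess

# TODO: we removed shell=True last release
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
TOKEN = "q8Zx3mV7kP2nR9tW5yB4dH6jL1sF0gCE"
def run(cmd):
    return subprocess.run(cmd, shell=True)
'''.lstrip("\n")

SHELL_TRUE = re.compile(r"shell\s*=\s*True")
QUOTED = re.compile(r"[\"']([^\"'\n]{20,})[\"']")          # string literals >= 20 chars
KEY_FORMATS = {"AWS access key ID": re.compile(r"AKIA[0-9A-Z]{16}")}
ENTROPY_THRESHOLD = 4.5                                    # bits per character (assumed)


def regex_engine(source):
    """Line-oriented match: works on any file type but cannot tell code from
    comments or prose, so it over-reports."""
    return [{"rule": "SR-EXEC-regex", "line": n, "msg": "shell=True"}
            for n, text in enumerate(source.splitlines(), 1) if SHELL_TRUE.search(text)]


def ast_engine(source):
    """Flag shell=True only when passed as a keyword argument to a real call."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                found.append({"rule": "SR-EXEC-ast", "line": node.lineno, "msg": "shell=True"})
    return found


def shannon_entropy(s):
    """Bits per character of the string's own symbol distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def entropy_engine(source):
    """Known key formats catch structured IDs whose entropy is unremarkable;
    the entropy threshold catches random tokens that match no known format."""
    found = []
    for n, text in enumerate(source.splitlines(), 1):
        for m in QUOTED.finditer(text):
            literal = m.group(1)
            for name, pat in KEY_FORMATS.items():
                if pat.search(literal):
                    found.append({"rule": "SR-CRED-format", "line": n, "msg": name})
            ent = shannon_entropy(literal)
            if ent >= ENTROPY_THRESHOLD:
                found.append({"rule": "SR-CRED-entropy", "line": n, "msg": f"{ent:.2f} bits/char"})
    return found


def scan(source):
    """Run all three engines; a real scanner would de-duplicate overlapping hits."""
    return regex_engine(source) + ast_engine(source) + entropy_engine(source)


if __name__ == "__main__":
    for f in scan(SAMPLE_PY):
        print(f"{f['rule']:16} line {f['line']}: {f['msg']}")
```

On the sample, the regex engine reports lines 1, 4 and 8 while the AST engine reports only line 8; the entropy engine reports the key ID on line 5 by format and the token on line 6 by entropy, and leaves the 42-character docstring alone because English text sits well under the threshold.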

### CLI Reference

```text
skillray [PATH]                      # Positional arg, default "."
  --format text|json|sarif|md        # Output format
  --output FILE                      # Write report to file
  --fail-on critical|high|medium|low # Exit code threshold (for CI)
  --quiet                            # Minimal output
  --lang en|zh                       # Language
  --ignore-file PATH                 # Ignore config file
  --engines regex,ast,entropy,...    # Select engines
  --rules SR-PROMPT-*,SR-CRED-*      # Filter rules
  --no-color                         # Disable colors
  --version
```

### Comparison

| Feature | SkillRay | AgentVet | Cisco Scanner |
|---|---|---|---|
| External deps | rich only | YARA + multiple | YARA + LLM |
| Detection engines | 5 | 3 | 3 |
| Prompt injection | Dedicated engine | No | LLM-based |
| AST analysis | Yes | No | No |
| Entropy analysis | Yes | No | No |
| Claude Code Skill | Native | No | No |
| Offline | Yes | Yes | No (needs LLM) |
| Chinese support | Yes | No | No |

### Claude Code Skill

SkillRay works as a native Claude Code skill. After installation, just say:

"Scan this directory for security issues"

The SKILL.md in the project root enables Claude Code to automatically invoke SkillRay and present findings conversationally.

### Ignore Rules (.skillrayignore)

```text
# Ignore a rule globally
SR-PRIV-001

# Ignore a rule for specific files
SR-CRED-001:tests/**/*.py
```
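A parser for the `.skillrayignore` format above, with a filter that applies it to findings, added here as an example rather than SkillRay's own code. Three things are assumptions about the format that the page does not state: `**` spans any number of directory levels (gitignore semantics, so `tests/**/*.py` also covers `tests/x.py`), a rule id may contain `*` wildcards, and a leading `./` on a finding's path is ignored. The ignore file and findings below are constructed.

```python
"""Parse .skillrayignore entries (RULE or RULE:GLOB) and drop matching findings.

Added example, not the project's implementation; '**' semantics, rule-id
wildcards and './' stripping are assumptions."""
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed ignore file using both forms the page shows.
SAMPLE_IGNORE = """
# Ignore a rule globally
SR-PRIV-001

# Ignore a rule for specific files
SR-CRED-001:tests/**/*.py
"""

# Constructed findings in the minimal shape the filter needs.
SAMPLE_FINDINGS = [
    {"rule_id": "SR-PRIV-001", "file": "scripts/setup.sh"},
    {"rule_id": "SR-CRED-001", "file": "tests/unit/test_keys.py"},
    {"rule_id": "SR-CRED-001", "file": "tests/fixtures.py"},
    {"rule_id": "SR-CRED-001", "file": "src/config.py"},
    {"rule_id": "SR-EXEC-001", "file": "tests/unit/test_keys.py"},
]


@dataclass
class IgnoreRule:
    rule_id: str
    path_glob: Optional[str]        # None: suppressed everywhere
    regex: Optional[re.Pattern]     # compiled path_glob, or None


def glob_to_regex(pattern: str) -> re.Pattern:
    """'*' and '?' never cross a '/'; '**/' spans zero or more directories;
    a bare '**' matches anything (assumed gitignore-style semantics)."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out += "(?:[^/]+/)*"
            i += 3
        elif pattern.startswith("**", i):
            out += ".*"
            i += 2
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        elif pattern[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def parse_ignore(text: str) -> List[IgnoreRule]:
    """One entry per non-blank, non-comment line: RULE or RULE:GLOB."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        rule_id, _, glob = line.partition(":")
        glob = glob.strip() or None
        rules.append(IgnoreRule(rule_id.strip(), glob, glob_to_regex(glob) if glob else None))
    return rules


def is_ignored(finding: dict, rules: List[IgnoreRule]) -> bool:
    path = finding["file"]
    if path.startswith("./"):
        path = path[2:]
    for r in rules:
        if not fnmatch.fnmatchcase(finding["rule_id"], r.rule_id):
            continue
        if r.regex is None or r.regex.match(path):
            return True
    return False


def apply_ignores(findings, rules):
    """Drop suppressed findings; everything else passes through unchanged."""
    return [f for f in findings if not is_ignored(f, rules)]


if __name__ == "__main__":
    for f in apply_ignores(SAMPLE_FINDINGS, parse_ignore(SAMPLE_IGNORE)):
        print(f"{f['rule_id']} {f['file']}")
```

Note what a scoped entry does not suppress: `SR-CRED-001:tests/**/*.py` leaves the same rule firing on `src/config.py`, and the unrelated `SR-EXEC-001` under `tests/` is still reported, which is the behaviour you want from a path-scoped suppression.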

### Development

```bash
# Clone and install
git clone https://github.com/hejuntao/skillRay
cd skillRay
uv sync

# Run tests
uv run pytest tests/ -v

# Run scanner on test samples
uv run python3 -m skillray tests/samples/malicious/
uv run python3 -m skillray tests/samples/benign/
```

### License

Apache-2.0

# Supported AI Coding Agents

This skill follows the SKILL.md standard and works with AI coding agents that support it.