Show HN: SkillsGuard – static scanner for malicious AI agent skills

Category: security

Tags: security-scanner, ai-agents, static-analysis, supply-chain-security, threat-detection

Score: 7.5/10 (Innovation: 7, Technical: 8, Documentation: 8, Utility: 7)

SkillsGuard is a static scanner for AI agent skill packages, detecting malicious SKILL.md files and obfuscated scripts before execution. It combines a novel security niche (auditing AI agent supply chains) with solid technical depth (151 detection rules, recursive decoding, MCP integration) and comprehensive documentation. Its focus on an emerging attack surface and zero-dependency Node.js design make it interesting for security-conscious AI developers.

Target audience: security engineers and AI/LLM application developers

Repository: https://github.com/Teycir/SkillsGuard · TypeScript · 1 stars

View on Hacker News