|
|
|
|
|
|
by cloudmanager
133 days ago
|
|
|
I built a CLI tool to scan AgentSkills (SKILL.md format) before installing them. Works with OpenClaw/ClawHub, Claude Code, Cursor, and any AgentSkills-compatible platform.
Given the ClawHavoc campaign and reports of 26% of skills containing vulnerabilities, I wanted a quick gut check before installing anything. It runs four analysis layers: permission audit, prompt injection detection, code analysis via TypeScript AST, and cross-reference checks for permission mismatches. Zero config, zero API keys, one command: npx acidtest scan ./my-skill https://github.com/currentlycurrently/acidtest |
|
|