Data Optimizer Pro
A security scanner for Claude Skills to detect malicious code, data exfiltration risks, and unauthorized system access before installation.
Introduction
The skill-security-scan tool is an essential security auditing utility designed for developers and power users who utilize Claude Code or local agent environments. As third-party Skills gain wider adoption, the risk of executing untrusted code—such as unauthorized network calls, sensitive file access (like SSH keys or .env variables), or code injection—becomes a critical concern. This scanner provides a multi-dimensional security assessment that acts as a gatekeeper for your development environment by analyzing local skill directories and identifying potential vulnerabilities before execution.
- Performs comprehensive security analysis covering network communication, filesystem access, system command execution, and code injection patterns.
- Utilizes a robust rule-based engine to assign risk scores and categorize threats into CRITICAL, WARNING, and INFO levels.
- Supports multiple report formats, including interactive HTML dashboards, machine-readable JSON for CI/CD integration, and formatted console output.
- Includes an extensible rule management system with support for custom whitelist configurations, allowing teams to define security policies tailored to their specific architecture.
- Offers high-performance scanning capabilities suitable for auditing large repositories of skills or complex development projects.
- Features localized interface support, providing consistent performance and reporting in both Chinese and English.
- Input: Specify the path to a single Skill directory, the default .claude/skills/ folder, or an entire project workspace.
- Output: Generates detailed risk reports highlighting specific vulnerable lines of code, malicious patterns (e.g., curl, os.system, eval, exec), and remediation recommendations.
- Usage: Ideal for security-conscious developers, DevOps engineers, and organizations implementing a zero-trust policy for AI agent extensions.
- Constraints: The tool relies on static analysis and pattern matching; it should be used as part of a layered security strategy, including manual code review for complex or obfuscated logic. Ensure the tool is kept up-to-date with the latest rule definitions from the official repository.
Repository Stats
- Stars: 127
- Forks: 9
- Open Issues: 0
- Language: Python
- Default Branch: main
- Sync Status: Idle
- Last Synced: May 3, 2026, 09:38 PM