351 malicious skills in database
43 verified safe skills
12 heuristic rules

What it checks (fast)

  • Known malicious skill fingerprints
  • Permissions (filesystem, network, shell)
  • Heuristics: suspicious endpoints, install hooks, shell/network combos

Red flags

  • Network enabled without a clear reason
  • Shell access + install hooks
  • Broad filesystem read (home folders, dotfiles)
  • Obfuscated code or strange download URLs

Limitations

  • This is not a full static analyzer or sandbox execution.
  • “Clean” result ≠ guaranteed safe — treat untrusted skills as code execution.