MCPcopy Index your code
hub / github.com/bruc3van/agent-skills-guard

github.com/bruc3van/agent-skills-guard @v1.3.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.3.2 ↗ · + Follow
2,368 symbols 6,110 edges 241 files 290 documented · 12% updated 6d agov1.3.2 · 2026-06-12★ 378
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

🛡️ Agent Skills Guard

Making Claude Code Skills Management as Simple and Secure as an App Store

Version License Platform

English | 简体中文

Community

🚀 More Open Source Projects

📄 bruce-doc-converter - Bidirectional conversion between Office/PDF and Markdown, automatic Mermaid diagram rendering, making AI easily understand your documents

📊 bruce-drawio - Generate various draw.io diagrams with natural language, supporting flowcharts, architecture diagrams, ER diagrams, etc., one-click export to PNG/SVG/PDF


⚡ Why Agent Skills Guard?

When enjoying Claude Code's AI-assisted programming, do you face these frustrations:

  • 🔐 Security concerns: Want to install new skills but worried about code risks, don't know how to judge?
  • 📦 Management chaos: Skills scattered everywhere, don't know which to keep or delete?
  • 🔍 Discovery difficulties: Don't know where to find quality community skills, missing many great tools?

Agent Skills Guard is designed to solve these problems. It transforms the skills world originally hidden in command lines and folders into a visible, manageable, trustworthy app store experience.

🎯 Core value in three seconds: Visual management + Security scanning + Featured repositories + CLI tool management

⭐ Download Now


🌟 Five Core Features

🔄 Full Lifecycle Management

Manage Claude Code skills like managing mobile apps, from discovery, installation, updates to uninstallation, all with visual operations.

  • One-click install: Install directly from featured or custom repositories
  • 🔌 Plugin-style installation: Support installing skills as plugins using Claude non-interactive commands, avoiding compatibility issues
  • 🔄 Smart updates: Automatically detect skill and plugin updates, support online upgrades
  • 🗑️ Easy uninstall: Support multi-path installation management, clean on demand, with confirmation dialog
  • 📂 Custom paths: Flexibly choose skill installation locations
  • 🔗 Tool sync: Sync installed skills to Claude Code, Codex, Antigravity, OpenCode and other programming tools, with batch sync support

🛡️ Community-Leading Security Scanning

All-new multi-layer scanning pipeline engine, covering 8+ risk categories, multi-step attack chains, Unicode deception, cross-skill coordinated attacks and more cutting-edge detection capabilities.

  • 🔍 8+ risk categories: Destructive operations, remote code execution, command injection, data exfiltration, privilege escalation, persistence, sensitive information leakage, sensitive file access, and more
  • 🔗 Multi-step attack chain detection: Taint analysis engine tracking download-execute chains, sensitive file exfiltration and other cross-line attack patterns
  • 🎭 Unicode security detection: Three-layer detection — homoglyph attacks, zero-width character steganography, invisible control characters
  • 🌐 Cross-skill coordinated attack detection: Discover data relay, shared malicious domains and other coordinated attack behaviors across multiple skills
  • 📦 File type disguise detection: 14 magic signature types, prevent binary files disguised as text
  • Consistency validation: Compare declared capabilities vs actual code behavior, detect misleading descriptions
  • 📊 Analyzability assessment: Scan coverage scoring, identify unanalyzable binary files
  • 🚫 Hard-trigger protection: Directly block high-risk operations, no risk taking

🌟 Featured Resource Marketplace

Built-in manually curated quality skills repository, syncs with Claude plugin marketplace, discovering quality resources has never been easier.

  • 📚 Featured skills library: Manually selected quality skills
  • 🔌 Claude plugin support: Sync local installed plugins, include in security scanning and risk statistics
  • 🌟 Featured plugin marketplace: New "Featured Marketplace" tab, supports online refresh and caching
  • 🔄 Auto refresh: Silent update on startup, keep latest
  • Custom repositories: Support adding any GitHub repository

💻 Local CLI Tool Management

Automatically discover and manage command-line tools installed via package managers, all in one place.

  • 🔍 Auto Discovery: Scan CLI tools installed via npm, pnpm, pip, Homebrew, Scoop, Chocolatey
  • 🔄 Update Check: One-click check for updates across all CLI tools, with batch update support
  • 📦 Smart Merge: Auto-merge tools from the same Homebrew formula / Scoop package to reduce noise
  • 🗑️ Uninstall: Uninstall CLI tools directly from the interface
  • 📂 Folder Browse: Quickly open tool installation directories
  • 🏷️ Categorized View: Organized by package manager, with search and filtering

🎨 Modern Visual Management

Say goodbye to command lines and enjoy the intuitive Apple minimalist interface.

  • 🎨 Apple minimalist theme: Clean macOS style design
  • 📱 Sidebar navigation: Intuitive navigation experience
  • Smooth animations: Carefully polished interaction experience
  • 🌐 Bilingual interface: Complete Chinese and English interface support
  • 📐 Responsive layout: Perfect adaptation to various screen sizes

🔗 Related Projects

🔍 Agent Scanner Skill

If you like the security scanning feature of Agent Skills Guard, you can also try our Claude Code skill version:

agent-scanner-skill - More powerful security scanning with deep dependency analysis, known vulnerability detection, and intelligent risk assessment

No GUI required, perfect for developers who prefer working in the terminal.


🆚 Traditional Way vs Agent Skills Guard

Feature Traditional Way Agent Skills Guard
Discover skills/plugins ❌ Aimlessly search GitHub ✅ Featured repo + plugin marketplace, one-click browse
Security check ❌ Manual code review, time-consuming ✅ Multi-layer pipeline auto scan, covering attack chains/Unicode/cross-skill detection
Install skills ❌ Command line, error-prone ✅ Visual UI, plugin-style install, click to install
Manage skills/plugins ❌ Folder digging, unclear usage ✅ Intuitive list, clear status
Update skills/plugins ❌ Manual check, repetitive ✅ Auto detect, batch update
Sync to tools ❌ Manually copy to tool directories ✅ One-click sync to Claude Code / Codex / Antigravity / OpenCode, batch operations
Uninstall skills ❌ Manual delete, worried leftovers ✅ One-click uninstall, confirmation dialog, auto cleanup
CLI tool management ❌ Check each package manager one by one ✅ Auto discover, unified management, batch update

🚀 Quick Start

📥 Installation

Visit GitHub Releases to download the latest version:

  • macOS: Download .dmg file, drag to install
  • Windows: Download .msi installer, double-click to install

Security warnings on first launch can be safely ignored

🎯 First Time Use

Step 1: Browse and Install

  • Browse and search skills in "Skills Marketplace"
  • Click "Install", system will automatically perform security scan
  • Check security score and scan report, install with peace of mind

Step 2: Manage Installed Skills

  • One-click scan all skills' security status in "Overview" page
  • View details, update or uninstall in "My Skills"

💎 Interface Showcase

📊 Overview Page

See all skills' security status at a glance, risk category statistics, and issue details clearly.

Overview

🛡️ Security Scan Report

Detailed scan results, including security score, risk level, problem list.

Scan result

📦 My Skills

View all installed skills, support multi-path management, batch update and uninstall.

My skills Skills update

🛒 Skills Marketplace

Explore and install community skills from featured repositories.

Skills marketplace

🗄️ Repository Configuration

Add and manage skill sources, built-in featured marketplace and GitHub repositories, updated regularly.

Repositories


🛡️ Security Scanning Details

Scanning Mechanism

All-new multi-layer scanning pipeline engine. From file traversal to final report, multiple specialized analyzers work together:

  1. Policy Loading — Load ScanPolicy configuration
  2. SkillContext Construction — Unified context object, one-pass file classification, frontmatter parsing, reference extraction
  3. Strict Structure Validation — 17 directory/file structure checks (optional)
  4. Per-File Scanning — File type disguise detection → Unicode deception detection → Asset contamination detection → YAML rule matching
  5. Context-Level Analysis — Consistency validation → Multi-step attack chain detection → Analyzability assessment
  6. Post-Processing — Finding deduplication + Geometric decay scoring

Technical Highlights:

  • YAML External Rules — Rules separated from code, supporting core_rules.yaml + cisco_parity_signatures.yaml dual rule packs
  • Parallel Scanning — Parallel scanning technology greatly improves scan speed for local installed skills/plugins
  • Symbolic Link Detection — Immediately hard-block on symlink discovery, prevent attacks
  • Multi-Format Support — Scans all text files, automatically skipping binary/image/font/compiled assets; individual rules can target specific extensions via file_types (e.g. .py, .js, .ps1), while generic rules (secret leakage, destructive commands, etc.) apply to all text files
  • Platform Adaptation — UTF-16 decoding, full Windows/multi-language support

Scoring System Principles

How is the Security Score Calculated?

The security score uses a 100-point geometric decay deduction mechanism, starting from 100 points and deducting based on detected risks:

  1. Initial Score: 100 points (full score)
  2. Risk Deduction: For each risk detected, deduct points based on its weight and confidence level
  3. Geometric Decay: Multiple risks use a decay formula, avoiding excessively low scores from simple linear deduction
  4. Same-Rule Deduplication: Deduct points only once per rule in the same file
  5. Hard-Trigger Protection: When hard-trigger rules fire, score is capped at 29, directly blocking installation

Scoring Example

Assume the following risks are detected:

Risk Item Weight Description
rm -rf / (hard trigger) 100 Directly blocks installation, score capped at 29
curl \| bash 90 Deduct 90 points by weight
eval() 6 Deduct 6 points by weight
os.system() 6 Deduct 6 points by weight
Hardcoded API Key 60 Deduct 60 points by weight

Calculation: 100 - 90 - 6 - 6 - 60 = -62 → floored to 0 Due to the presence of hard-trigger rules, the score is capped at 29 (Critical), directly blocking installation.

Scoring Levels

  • 90-100 (✅ Safe): Safe to use

  • No or only very low-risk items

  • No hard-trigger rules detected
  • 70-89 (⚠️ Low Risk): Minor risk, recommend checking details

  • Few low-risk items

  • Decide whether to use based on needs
  • 50-69 (⚠️ Medium Risk): Certain risk, use with caution

  • Medium-risk items present

  • Recommend carefully reviewing code before use
  • 30-49 (🔴 High Risk): High risk, not recommended for installation

  • Multiple high-risk items

  • Strongly recommend finding alternatives
  • 0-29 (🚨 Critical Risk): Serious threat, installation prohibited

  • Hard-trigger rules triggered

  • System directly blocks installation

Hard-Trigger Protection Mechanism

What are Hard-Trigger Rules?

Hard-trigger rules are "red lines" set by the system. Once triggered, installation is immediately blocked without giving users a chance to take risks. These rules correspond to extremely dangerous operations, including:

  • 🚨 Destructive Operations: rm -rf /, disk wiping, formatting, etc.
  • 🚨 Remote Code Execution: curl | bash, reverse shell, PowerShell encoded commands, etc.
  • 🚨 Privilege Escalation: sudoers file modification
  • 🚨 Persistence Backdoor: SSH key injection
  • 🚨 Sensitive File Access: Reading shadow file, Windows credential store

Covering the most common attack vectors.

Multi-Step Attack Chain Detection

Traditional single-line regex matching cannot detect combined attacks spanning multiple lines. The Pipeline engine uses a two-tier detection architecture:

  • Taint Analysis: Formal source → transform → sink data flow model, tracking 7 taint types (sensitive data, user data, network data, obfusca

Extension points exported contracts — how you extend this code

CacheStats (Interface)
(no doc)
src/types/cache.ts
RepositoriesPageProps (Interface)
(no doc)
src/components/RepositoriesPage.tsx
CustomTypeOptions (Interface)
(no doc)
src/i18n/types.ts
GroupedSecurityIssue (Interface)
(no doc)
src/lib/security-utils.ts
UpdateContextValue (Interface)
(no doc)
src/contexts/UpdateContext.tsx
InstallSkillVariables (Interface)
(no doc)
src/hooks/useSkills.ts
ClearAllCachesResult (Interface)
(no doc)
src/types/cache.ts
RepositoryPreviewDialogProps (Interface)
(no doc)
src/components/RepositoriesPage.tsx

Core symbols most depended-on inside this repo

as_str
called by 68
src-tauri/src/security/file_magic.rs
scan_file
called by 66
src-tauri/src/security/scanner.rs
safeInvoke
called by 63
src/lib/api-error.ts
save_skill
called by 45
src-tauri/src/services/database.rs
_die
called by 43
test/test-skills/positive-real/codex-system-imagegen/scripts/image_gen.py
run
called by 38
src-tauri/src/services/claude_cli.rs
get_skills
called by 35
src-tauri/src/services/database.rs
analyze
called by 27
src-tauri/src/security/pipeline.rs

Shape

Function 1,715
Method 426
Class 133
Interface 73
Enum 21

Languages

Rust57%
Python22%
TypeScript21%

Modules by API surface

src-tauri/src/services/local_cli_scanner.rs192 symbols
src-tauri/src/security/scanner.rs151 symbols
src-tauri/src/services/skill_manager.rs104 symbols
src-tauri/src/services/plugin_manager.rs90 symbols
src-tauri/src/commands/local_cli.rs70 symbols
src/lib/api.ts63 symbols
src-tauri/src/services/database.rs60 symbols
test/test-skills/positive-real/codex-system-imagegen/scripts/image_gen.py57 symbols
src-tauri/src/commands/mod.rs54 symbols
src-tauri/src/security/pipeline.rs46 symbols
src-tauri/src/services/github.rs44 symbols
src-tauri/src/security/skill_context.rs44 symbols

Datastores touched

(mongodb)Database · 1 repos
mydbDatabase · 1 repos
appDatabase · 1 repos

For agents

$ claude mcp add agent-skills-guard \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page