SkillGuard scans untrusted skill content. Treat scanner bugs as security issues when they allow a malicious skill to bypass deterministic checks, crash the scanner, access host secrets, or trigger code execution.
Please report security issues privately through GitHub security advisories:
https://github.com/stella/skillguard/security/advisories/new
Do not include private skill contents, secrets, tokens, or production logs in public issues.
Until the first stable release, only the current main branch is supported.
SkillGuard aims to:
- avoid executing candidate skill files;
- avoid network access by default;
- avoid following symlinks;
- cap scan resources;
- produce deterministic reports.
SkillGuard does not guarantee that a scanned skill is safe to install.