Show HN: Skillcop: Block malicious Claude Skills before they execute
github.com
I've been wanting to adopt more skills in my agent workflows, but I've been super sketched as a security person. There are marketplaces like Skills.sh and a ton of stuff on GitHub, but I felt like a lot of it was too untrustworthy to just be pulling down.
Combined with Snyk reporting that they found ~1500 malicious skills on such marketplaces (https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-c...), I decided to build a library for doing skill scanning since Claude doesn't do it natively.
v0.1 of skillcop is an OSS wrapper around Claude Code for scanning malicious skills at invocation time. Skillcop integrates natively with Ollama for skill scanning, providing direct access to Gemma 3, GPT-OSS, and GLM 4.7 Flash from the CLI.
Existing harnesses exist but don't quite get to this level of granular LLM-on-LLM scanning. Would love to get feedback and users from the community!