Browse the public directory first, run the local scanner before you install anything sensitive, and use hosted registry checks when you want a quick answer without a local scan setup.
Start with the public dataset if you want a fast trust check, issue summary, and source context.
Best for
Checking a skill before you download it or comparing multiple options side by side.
Use the local scanner when you want the main skillshield command on your machine.
Local scanner
npm install -g skillshield
skillshield scan ./SKILL.md
Use this when you want the local scanner and the canonical skillshield binary.
Use the hosted/API CLI when you want quick registry lookups through skillshield-registry.
Hosted checks
npm install -g skillshield-cli
skillshield-registry check github
The VS Code extension also depends on skillshield-registry being available on your PATH.
Command boundary
skillshield is the local scanner. skillshield-registry is the hosted registry/API CLI shipped through the skillshield-cli package.
That split keeps the local security workflow and the hosted lookup workflow clean.
VS Code setup
skillshield-registry on your PATH.
MCP servers are the browser extensions of AI agents — but with direct system access. We built the first security scanner to detect tool poisoning, over-permissioned access, and prompt injection vulnerabilities.
Real scan data from 33,746 extensions across 6 sources
1,416 skills
⚡ 32.6% CRITICAL — nearly 1 in 3 skills are dangerous
160 skills
✅ 97.5% clean — well-curated marketplace
100 skills
✅ 94% clean — trusted open source skills
Discover verified, secure SKILL.md files for your AI workflows
Every skill undergoes a rigorous 3-step security analysis before being listed in our directory.
Developers submit their SKILL.md files through our secure portal or API.
Our automated systems perform static analysis, prompt injection detection, and sandbox testing.
Clean skills receive a security score and are listed. Suspicious files are quarantined.
Deep code inspection for malicious patterns, hidden commands, and suspicious API calls.
Specialized testing for jailbreak attempts, instruction overrides, and manipulation techniques.
Isolated execution environment to observe actual runtime behavior and network activity.
Everything you need to know about SkillShield
A SKILL.md file is a standardized documentation format that describes how an AI model should perform a specific task or use a particular tool. It contains instructions, examples, constraints, and safety guidelines that help AI systems understand and execute the skill correctly.
Our scanning process uses a combination of static analysis, pattern matching, and dynamic sandboxing. We check for malicious code patterns, prompt injection vulnerabilities, data exfiltration attempts, and unexpected behavior in isolated environments. Each scan generates a detailed security report.
Absolutely! Anyone can submit a SKILL.md file for review. Simply create an account, upload your skill file, and our automated systems will begin the security scan. Once verified, your skill will be listed in the directory with full attribution.
Skills that fail our security checks are not listed in the public directory. The submitter receives a detailed report explaining what issues were found. Minor issues can often be fixed and resubmitted. Skills with serious security concerns are quarantined and flagged for manual review.
Yes! Browsing and using verified skills is completely free. We also offer free submissions for open-source skills. For commercial or high-volume submissions, we offer premium plans with priority scanning and additional features.
Join thousands of developers who trust SkillShield for verified, secure SKILL.md files.
Explore our collection of verified, secure skills with 100/100 security scores — ready to install and use safely.