Skip to content
Thrivbe
← All experiments
LiveStarted June 18, 2026Updated July 2, 2026

Would you install an unaudited AI skill?

Skill Security Scanner

  • Static analysis
  • Claude review agents

Relevant services: AI Digital Teammates · Thrivbe AI

Hypothesis

Agent skills are the new browser extensions: plain-text instructions plus scripts that people install by the dozen, from strangers, into systems with real permissions. Before installing any third-party skill, an automated scanner should read it the way a security reviewer would — because prompt files can attack, not just code.

What we built

A skill-security scanner that inspects any skill package before it enters our harness: the scripts (what they execute, where they phone home) and the prompt text itself — hidden instructions, permission escalations, attempts to exfiltrate context, or wording engineered to make an agent bypass its own gates. Findings come back as a verdict with quoted evidence, and nothing gets installed without a pass.

Learnings

  • Prompt files are an attack surface. A skill's markdown can instruct an agent to do things its scripts never could — scanning only the code misses the sharpest edge.
  • The supply-chain reflex from software ("check the publisher, read the install hooks") transfers directly to skills, and nobody is doing it yet.
  • Scanning our own skills was humbling — over-broad permissions accumulate by convenience even with good intentions.

Log

  • 2026-07-02 — Scanner in routine use for anything third-party entering the harness.
  • 2026-06-18 — First version: script inspection + prompt-injection pattern review.