Skillcop: Block malicious Claude Skills before they execute

Name: Skillcop: Block malicious Claude Skills before they execute
Availability: InStock
Author: bennydog224

by bennydog224·Mar 20, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●●BangerBig BrainShip It

LLM-on-LLM scanning catches obfuscation and semantic attacks before skills execute.

Strengths

•SHA-256 manifest caching avoids rescanning unchanged files between sessions.
•Two hook points (SessionStart, PreToolUse) catch threats at load and write time.
•Based on Snyk ToxicSkills taxonomy with 8 specific threat categories.

Weaknesses

•v0.1 means limited real-world testing against actual malicious skills.
•LLM scanning adds latency to skill invocation that may frustrate users.

Post Description

I've been wanting to adopt more skills in my agent workflows, but I've been super sketched as a security person. There's marketplaces like Skills.sh and a ton of stuff on Github, but I felt like a lot of it was too untrustworthy to just be pulling down.

Combined with Snyk reporting that they found ~1500 malicious skills on such marketplaces (https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-c...), I decided to build a library for doing skill scanning since Claude doesn't do it natively.

v0.1 of skillcop is an OSS wrapper around Claude Code for scanning malicious skills at invocation time.Skillcop integrates natively with Ollama for skill scanning, providing direct access to Gemma 3, GPT-OSS, GLM 4.7 Flash from the CLI.

Existing harnesses exist but don't quite get to this level of granular LLM-on-LLM scanning. Would love to get feedback and users from the community!