Created
March 16, 2026 03:21
-
-
Save kurtpayne/4f1d73d42e4b4c1b628fb662d0ab63ea to your computer and use it in GitHub Desktop.
Docker Hub overview for skillscan-security
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SkillScan Security | |
| SkillScan Security is an offline-first security scanner for AI skills and tool bundles. It analyzes code and instruction content and returns deterministic verdicts (allow, warn, block) using configurable policy profiles (strict, balanced, permissive). | |
| What it detects | |
| - Malware-like and suspicious command patterns | |
| - Prompt-injection and instruction abuse risks | |
| - Secret access and exfiltration chains | |
| - Risky dependency posture and supply-chain issues | |
| - Dangerous action chaining across scripts and tooling | |
| Why use it | |
| - Deterministic first: local/static checks are primary | |
| - CI-friendly: supports JSON, compact, JUnit, and SARIF outputs | |
| - Release transparency: SBOMs generated in release workflows | |
| - Multi-arch images: linux/amd64 and linux/arm64 | |
| Docker image | |
| - Canonical image: kurtpayne/skillscan-security | |
| - Typical tags: vX.Y.Z, latest | |
| Quick start | |
| docker pull kurtpayne/skillscan-security:v0.3.0 | |
| docker run --rm -v "$PWD:/work" kurtpayne/skillscan-security:v0.3.0 scan /work --fail-on never | |
| Check version | |
| docker run --rm kurtpayne/skillscan-security:v0.3.0 version | |
| Naming notes | |
| - PyPI package: skillscan-security | |
| - Primary CLI command: skillscan-security | |
| - Alias kept for convenience: skillscan | |
| Project links | |
| - Source: https://github.com/kurtpayne/skillscan | |
| - License: Apache-2.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment