Is that AI skill safe to install?
Scan any MCP skill or agent tool for security threats in 5 seconds. Free. No signup.
URLs, npm packages, PyPI packages, GitHub repos, or paste raw content
Any SKILL.md, MCP tool config, or agent definition
Pattern matching, intent detection, capability fingerprinting
Risk score, findings, shareable link — in seconds
Free basic scans. Pay per premium scan with USDC via x402 — no account needed.
Pattern matching, URL reputation, intent analysis, shareable report
+ Capability fingerprinting, threat chains, permission manifest
Scan your whole skill library at once. Risk breakdown included.
# Free scan by URL curl -X POST https://skillaudit.vercel.app/scan/url \ -H "Content-Type: application/json" \ -d '{"url": "https://example.com/SKILL.md"}' # Free scan by content curl -X POST https://skillaudit.vercel.app/scan/content \ -H "Content-Type: application/json" \ -d '{"content": "... skill text ..."}'
| Endpoint | Cost | Description |
|---|---|---|
POST /scan/url | Free | Scan a skill by URL |
POST /scan/content | Free | Scan raw skill content |
POST /scan/deep | $0.05 | Full capability analysis + threat chains |
POST /scan/batch | $0.10 | Batch scan up to 20 URLs |
POST /scan/compare | $0.05 | Compare two skill versions |
GET /scan/:id | Free | Get scan result (JSON) |
POST /policy | Free* | Create a security policy (API key required) |
GET /policy/:id/evaluate | Free* | Evaluate a URL against your policy → allow/deny |
POST /policy/evaluate-inline | Free | Evaluate content against an inline policy (no key needed) |
GET /report/:id | Free | View scan report (HTML) |
GET /stats | Free | Ecosystem scan statistics |
GET /openapi.json | Free | OpenAPI 3.0 spec |