---
name: agent-skill-security
description: Security scanning for Agent Skills and MCP servers using Snyk agent-scan. Use when installing new skills, auditing existing skills, reviewing MCP server security, or when user says "security audit", "scan skills", "install skill safely".
---

# Agent Skill Security Scanning

Automated security scanning before and after installing Agent Skills or MCP servers.

## Prerequisites

- `uv` installed (verify: `uv --version`)
  - macOS: `brew install uv`
  - Linux/WSL: `curl -LsSf https://astral.sh/uv/install.sh | sh`
- Internet access for Snyk API verification

## Workflow 1: Pre-Install Check (Before Adding Any Skill)

1. Review source repo on GitHub (stars, contributors, last commit)
2. Check skills.sh security badges (Gen, Socket, Snyk risk level)
3. List available skills without installing:

```bash
npx skills add <owner/repo> --skill <name> -l
```

4. Read the SKILL.md content before installing

## Workflow 2: Full Machine Scan

Run after any skill or MCP server changes:

```bash
uvx snyk-agent-scan@latest --skills
```

JSON output for programmatic processing:

```bash
uvx snyk-agent-scan@latest --skills --json
```

Scan specific skill directories:

```bash
uvx snyk-agent-scan@latest --skills ~/.cursor/skills/
uvx snyk-agent-scan@latest --skills ~/.agents/skills/
uvx snyk-agent-scan@latest --skills /path/to/SKILL.md
```

## Workflow 3: Pattern-Based Static Analysis

Quick local scan (no API needed):

```bash
# Dangerous exec patterns
rg -i '(curl.*\|.*bash|wget.*\|.*sh|eval\(|exec\(|subprocess|os\.system)' ~/.cursor/skills/*/SKILL.md ~/.agents/skills/*/SKILL.md

# Prompt injection
rg -i '(ignore previous|disregard|you are now|pretend to be|forget your)' ~/.cursor/skills/*/SKILL.md ~/.agents/skills/*/SKILL.md

# Suspicious URLs
rg -o 'https?://[^ )\]"]+' ~/.cursor/skills/*/SKILL.md ~/.agents/skills/*/SKILL.md | rg -v '(github\.com|skills\.sh|npmjs\.com|pypi\.org|docs\.|example\.com)'

# Obfuscation
rg -i '(base64|atob|btoa|fromCharCode)' ~/.cursor/skills/*/SKILL.md ~/.agents/skills/*/SKILL.md
```

## Risk Categories

| Risk | Pattern | Severity |
|------|---------|----------|
| Remote code execution | `curl \| bash`, `eval()`, `exec()` | CRITICAL |
| Prompt injection | Hidden override instructions | HIGH |
| Data exfiltration | Outbound HTTP with user data | HIGH |
| Secret theft | Access to `.env`, `.ssh`, credentials | HIGH |
| Obfuscation | base64 payloads, char code encoding | MEDIUM |

## Required Gate

Before any `npx skills add` command, this skill MUST be consulted. Install flow:

1. Pre-install check (Workflow 1)
2. Install with `npx skills add <repo> --skill <name> -g -y`
3. Run `uvx snyk-agent-scan@latest --skills ~/.agents/skills/<name>/SKILL.md`
4. If issues found, run `npx skills remove <name> -g -y` and report
5. Update `~/memo/global-memories/skills-index.md`

## Vetting Report Template

Use this format when producing audit reports (adapted from OpenClaw skill-vetter):

```
SKILL VETTING REPORT
Skill: [name] | Source: [GitHub/npm/other] | Author: [username] | Version: [ver]
Stars: [count] | Last Updated: [date] | Files Reviewed: [count]
RED FLAGS: [None / list]
Permissions: Files=[list] | Network=[list] | Commands=[list]
RISK: [LOW/MEDIUM/HIGH/EXTREME]
VERDICT: [SAFE / CAUTION / DO NOT INSTALL]
```

## Supply-Chain Vulnerability Scanning

For dependency-level scanning across Go, Python, and npm packages:

### Tools

| Tool | Languages | Install (macOS) | Install (Linux/WSL) | Purpose |
|------|-----------|-----------------|---------------------|---------|
| Syft | All | `brew install syft` | `curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \| sh -s -- -b /usr/local/bin` | SBOM generation (CycloneDX/SPDX) |
| Grype | All | `brew install grype` | Same pattern as Syft | Vulnerability matching with EPSS/KEV scoring (v0.109+: 80% fewer false positives, DB v6) |
| govulncheck | Go | `go install golang.org/x/vuln/cmd/govulncheck@latest` | Same | Go call-graph reachability analysis |
| pip-audit | Python | `uv tool install pip-audit` | Same | PyPI-specific vulnerability checks |
| gosec | Go | `go install github.com/securego/gosec/v2/cmd/gosec@latest` | Same | Go static security analysis (beyond CVEs) |
| cosign | Containers | `brew install cosign` | `go install github.com/sigstore/cosign/v2/cmd/cosign@latest` | Container image signing and verification |

### Quick Scan Commands

```bash
# Full SBOM + vuln scan (any project)
syft dir:. -o json | grype sbom:- -o json

# Go-specific (reachable vulns only + static security)
govulncheck ./...
gosec ./...

# Python
pip-audit -r requirements.txt --format json

# npm
npm audit --json

# Container image signing
cosign sign --yes <image>
cosign verify <image>
```

### New Tools (2026-03 update)

| Tool | Languages | Install (macOS) | Install (Linux/WSL) | Purpose |
|------|-----------|-----------------|---------------------|---------|
| Trivy | All | `brew install trivy` | `sudo apt-get install trivy` | Multi-purpose: vuln, SBOM, secrets, misconfig scanning |
| sfw (Socket Firewall) | npm/pip/cargo | `npm i -g sfw` | Same (or download binary) | Blocks malicious packages pre-install; free alternative to socket.dev |
| license-cop | npm | `npm install -g license-cop` | Same | Lightweight licence compliance for solo devs |
| mcp-context-protector | MCP | Clone + `uv sync` | Same | Wraps MCP servers with guardrails, config pinning, ANSI sanitisation |

```bash
# Trivy full scan (vulns + secrets + misconfig)
trivy fs --scanners vuln,secret,misconfig .

# Socket Firewall (wraps npm install)
sfw npm install

# Licence compliance
npx license-cop init && npx license-cop

# MCP server protection
git clone https://github.com/trailofbits/mcp-context-protector
cd mcp-context-protector && uv sync
```

### Known Gaps (solo dev trade-off)

- **Phylum** -- multi-language malicious code detection (enterprise)
- **FOSSA CLI** -- full licence compliance scanning (enterprise)
- **Chainguard Libraries** -- source-rebuilt packages (commercial)
Use Syft SBOM + license-cop + Trivy as lightweight alternatives.

### Recommended Workflow

1. **SBOM first**: `syft dir:. -o cyclonedx-json > sbom.json`
2. **Scan SBOM**: `grype sbom:sbom.json -o json`
3. **Language-specific depth**: `govulncheck` for Go, `pip-audit` for Python
4. **CI integration**: All tools support JSON output for automated parsing

## Audit Schedule

- **On install**: Full scan of new skill (required gate)
- **Weekly**: `uvx snyk-agent-scan@latest --skills`
- **On update**: `npx skills check` then re-scan
- **On dependency change**: Run `syft` + `grype` pipeline on affected project