Every AI skill, verified for threats. Upload any SKILL.md file and get a full security analysis in seconds. Two-layer detection — pattern matching plus LLM behavioral analysis — catches what regex alone cannot.
WHAT IT DETECTS
8 threat categories. Zero blind spots.
Prompt Injection
Detects hidden instructions that override system prompts or manipulate LLM behavior.
Credential Access
Flags attempts to read API keys, tokens, passwords, or environment variables.
Data Exfiltration
Catches unauthorized data transmission via URLs, webhooks, or encoded payloads.
Shell Execution
Identifies commands that execute arbitrary code, scripts, or system binaries.
Social Engineering
Spots manipulation tactics designed to trick users into unsafe actions.
Permission Escalation
Detects attempts to gain elevated access beyond stated skill requirements.
Obfuscation
Uncovers base64 encoding, Unicode tricks, zero-width characters, and steganography.
Hidden Content
Reveals invisible instructions embedded via HTML comments, metadata, or whitespace.
HOW IT WORKS
From upload to trust score in seconds. 01
Upload
Drag and drop a SKILL.md file into the scanner or paste the content directly. No account needed.
02
Two-layer analysis
Layer 1 runs deterministic pattern matching instantly. Layer 2 uses LLM behavioral analysis to catch subtle threats.
03
Trust score
Get a score out of 100 with every finding explained in plain language. Severity, category, matched content, and remediation guidance.
Try the Scanner Free No account required. No cost. Results in seconds.
Scan a Skill File ENTERPRISE
Need fleet-wide AI security? Scandar Overwatch gives you real-time visibility into every agent in your organization — policies, compliance reports, alert routing, and kill chain detection. Self-serve setup in 25 minutes.
Explore Overwatch →