Why Skanzer

Trevor Longino

Built by Trevor Longino

I’ve been a hacker and systems thinker for over 20 years. I’m the founder of CrowdTamers and Imagination Quotient, and lately I’ve been building a lot of agentic software — tools where AI agents run code, call APIs, and modify files on your behalf.


The problem with “just install it”

Claude Code skills are markdown files that tell an AI agent what to do. They can instruct the agent to run shell commands, read and write files, make network requests, and modify system configuration. When you install a skill, you’re giving it the same access that you have.

Most skills are fine. But the ecosystem is new, growing fast, and there’s no built-in vetting process. A skill that claims to “format your code” could just as easily exfiltrate your environment variables, install a backdoor, or drop a crypto miner. The instructions are right there in plain text — but nobody reads every line of every skill they install, and the malicious patterns aren’t always obvious.

This is the same supply chain risk that hit npm, PyPI, and browser extensions — except skill files don’t go through a registry, don’t get signed, and don’t have an install step that might trigger a virus scanner. They’re just text files that an agent obeys.

Why I built Skanzer

I wanted something simple: a way to pre-screen skills before blindly installing them. Paste a GitHub URL, see what the skill actually does, and get a clear signal about whether it’s doing something it shouldn’t.

Skanzer runs static analysis across five phases: structure validation (is this a well-formed skill with a name and description?), line-by-line pattern matching against known dangerous commands, malware-specific detection, behavior heuristics that look at how flagged lines combine, and a final verdict. It catches data exfiltration, privilege escalation, obfuscated payloads, and mismatches between the purpose a skill declares in its description and the commands it actually instructs the agent to run.

The badge system: trust, but verify

If you maintain skills, you want people to feel confident installing them. If you use skills, you want some assurance that someone has actually checked what’s in there. That’s what the badge is for.

After scanning a repository, Skanzer generates a live SVG badge you can embed in your README. It links to the full scan report so anyone can see exactly what was found — or that nothing was found. It’s a simple, verifiable signal: this skill has been scanned, here are the results, judge for yourself.

The goal isn’t to certify skills as “safe” — no static analysis tool can guarantee that. The goal is to make the invisible visible. When skill maintainers scan their own repos and publish the badge, they’re saying: “I have nothing to hide. Look for yourself.” That’s a meaningful step toward trust in an ecosystem that doesn’t have much of it yet.
