🎯

data-analyzer

🎯Skill

from cisco-ai-defense/skill-scanner

|

What it does

Analyzes data flows and potential exfiltration risks within AI agent skills, identifying sensitive information leakage and unauthorized data transmission patterns.

Part of

cisco-ai-defense/skill-scanner(14 items)

data-analyzer

Installation

pip installInstall Python package

pip install cisco-ai-skill-scanner

pip installInstall Python package

pip install cisco-ai-skill-scanner[bedrock]

pip installInstall Python package

pip install cisco-ai-skill-scanner[vertex]

pip installInstall Python package

pip install cisco-ai-skill-scanner[azure]

pip installInstall Python package

pip install cisco-ai-skill-scanner[all]

📖 Extracted from docs: cisco-ai-defense/skill-scanner

Need more details? View full documentation on GitHub →

3Installs

-

AddedFeb 4, 2026

View on GitHub Back to Skills

Skill Details

SKILL.md

Overview

# Skill Scanner

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)

[![PyPI version](https://img.shields.io/pypi/v/cisco-ai-skill-scanner.svg)](https://pypi.org/project/cisco-ai-skill-scanner/)

[![CI](https://github.com/cisco-ai-defense/skill-scanner/actions/workflows/python-tests.yml/badge.svg)](https://github.com/cisco-ai-defense/skill-scanner/actions/workflows/python-tests.yml)

[![Discord](https://img.shields.io/badge/Discord-Join%20Us-7289da?logo=discord&logoColor=white)](https://discord.com/invite/nKWtDcXxtx)

[![Cisco AI Defense](https://img.shields.io/badge/Cisco-AI%20Defense-049fd9?logo=cisco&logoColor=white)](https://www.cisco.com/site/us/en/products/security/ai-defense/index.html)

[![AI Security Framework](https://img.shields.io/badge/AI%20Security-Framework-orange)](https://learn-cloudsecurity.cisco.com/ai-security-framework)

A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis for comprehensive threat detection.

Supports [OpenAI Codex Skills](https://openai.github.io/codex/) and [Cursor Agent Skills](https://docs.cursor.com/context/rules) formats following the [Agent Skills specification](https://agentskills.io).

---

Highlights

Multi-Engine Detection - Static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning
False Positive Filtering - Meta-analyzer significantly reduces noise while preserving detection capability
CI/CD Ready - SARIF output for GitHub Code Scanning, exit codes for build failures
Extensible - Plugin architecture for custom analyzers

[Join the Cisco AI Discord](https://discord.com/invite/nKWtDcXxtx) to discuss, share feedback, or connect with the team.

---

Documentation

| Guide | Description |

|-------|-------------|

| [Quick Start](docs/quickstart.md) | Get started in 5 minutes |

| [Architecture](docs/architecture.md) | System design and components |

| [Threat Taxonomy](docs/threat-taxonomy.md) | Complete AITech threat taxonomy with examples |

| [LLM Analyzer](docs/llm-analyzer.md) | LLM configuration and usage |

| [Meta-Analyzer](docs/meta-analyzer.md) | False positive filtering and prioritization |

| [Behavioral Analyzer](docs/behavioral-analyzer.md) | Dataflow analysis details |

| [API Reference](docs/api-server.md) | REST API documentation |

| [Development Guide](docs/developing.md) | Contributing and development setup |

---

Installation

Prerequisites: Python 3.10+ and [uv](https://docs.astral.sh/uv/) (recommended) or pip

```bash

# Using uv (recommended)

uv pip install cisco-ai-skill-scanner

# Using pip

pip install cisco-ai-skill-scanner

```

Cloud Provider Extras

```bash

# AWS Bedrock support

pip install cisco-ai-skill-scanner[bedrock]

# Google Vertex AI support

pip install cisco-ai-skill-scanner[vertex]

# Azure OpenAI support

pip install cisco-ai-skill-scanner[azure]

# All cloud providers

pip install cisco-ai-skill-scanner[all]

```

---

Quick Start

Environment Setup (Optional)

```bash

# For LLM analyzer and Meta-analyzer

export SKILL_SCANNER_LLM_API_KEY="your_api_key"

export SKILL_SCANNER_LLM_MODEL="claude-3-5-sonnet-20241022"

# For VirusTotal binary scanning

export VIRUSTOTAL_API_KEY="your_virustotal_api_key"

# For Cisco AI Defense

export AI_DEFENSE_API_KEY="your_aidefense_api_key"

```

CLI Usage

```bash

# Scan a single skill (static analyzer only)

skill-scanner scan /path/to/skill

# Scan with behavioral analyzer (dataflow analysis)

skill-scanner scan /path/to/skill --use-behavioral

# Scan with all engines

skill-scanner scan /path/to/skill --use-behavioral --use-llm --use-aidefense

# Scan with meta-analyzer for false positive filtering

skill-scanner scan /path/to/skill --use-llm --enable-meta

# Scan multiple skills recursively

skill-scanner scan-all /path/to/skills --recursive --use-behavioral

# CI/CD: Fail build if threats found

skill-scanner scan-all ./skills --fail-on-findings --format sarif --output results.sarif

```

Python SDK

```python

from skill_scanner import SkillScanner

from skill_scanner.core.analyzers import StaticAnalyzer, BehavioralAnalyzer

# Create scanner with analyzers

scanner = SkillScanner(analyzers=[

StaticAnalyzer(),

BehavioralAnalyzer(use_static_analysis=True),

])

# Scan a skill

result = scanner.scan_skill("/path/to/skill")

print(f"Safe: {result.is_safe}")

print(f"Findings: {len(result.findings)}")

```

---

Security Analyzers

| Analyzer | Detection Method | Scope | Requirements |

|----------|------------------|-------|--------------|

| Static | YAML + YARA patterns | All files | None |

| Behavioral | AST dataflow analysis | Python files | None |

| LLM | Semantic analysis | SKILL.md + scripts | API key |

| Meta | False positive filtering | All findings | API key |

| VirusTotal | Hash-based malware | Binary files | API key |

| AI Defense | Cloud-based AI | Text content | API key |

---

CLI Options

| Option | Description |

|--------|-------------|

| --use-behavioral | Enable behavioral analyzer (dataflow analysis) |

| --use-llm | Enable LLM analyzer (requires API key) |

| --use-virustotal | Enable VirusTotal binary scanner |

| --use-aidefense | Enable Cisco AI Defense analyzer |

| --enable-meta | Enable meta-analyzer for false positive filtering |

| --format | Output: summary, json, markdown, table, sarif |

| --output PATH | Save report to file |

| --fail-on-findings | Exit with error if HIGH/CRITICAL found |

---

Example Output

```

$ skill-scanner scan ./my-skill --use-behavioral

============================================================

Skill: my-skill

============================================================

Status: [OK] SAFE

Max Severity: SAFE

Total Findings: 0

Scan Duration: 0.15s

```

---

Contributing

We welcome contributions! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

License

Apache 2.0 - See [LICENSE](LICENSE) for details.

Copyright 2026 Cisco Systems, Inc. and its affiliates

---

More from this repository10

safe-file-reader🎯Skill

Safely reads and validates file contents for potential security risks before processing or accessing them in an AI agent workflow.

data-exfiltrator🎯Skill

Detects and extracts potential sensitive data leakage patterns within AI agent skills by analyzing code and communication flows for unauthorized information transfer.

jailbreak-override🎯Skill

Detects and neutralizes potential jailbreak attempts in Claude AI interactions by overriding or blocking malicious prompt injection techniques.

data-processor🎯Skill

Transforms and sanitizes input data for AI agent skills, preparing it for secure processing and analysis within the skill scanner framework.

prompt-injection-test🎯Skill

Detects and tests potential prompt injection vulnerabilities in Claude AI code skills by simulating malicious input scenarios.

simple-math🎯Skill

Performs basic mathematical calculations like addition, subtraction, multiplication, and division within a Claude Code skill context.

file-validator🎯Skill

Validates and checks AI skill files for security risks, potential malicious code patterns, and compliance with specified agent skill standards.

simple-formatter🎯Skill

Formats and standardizes Claude Code skill outputs into a consistent, clean, and easily readable structure.

safe-calculator🎯Skill

Validates mathematical operations and prevents potential injection or malicious code execution within calculator-related AI agent interactions.

config-analyzer🎯Skill

Analyzes AI agent configuration files to detect potential security vulnerabilities, misconfigurations, and risky permission settings that could enable prompt injection or unauthorized access.