Path traversal risk in file resolver Medium
Relative paths may escape the intended KB root without normalization.
SKILL.md, MCP JSON, OpenAPI, or bundled folder/zip.
Interactive demo
SkillGuard
Supply-chain security for Agent Skills and MCP tools
Live sample
Security score 72
Risk level Medium
Trifecta hit No
Intent alignment 85%
Lethal Trifecta
data access 12
Reads local knowledge-base files under user-controlled paths
untrusted input 18
Accepts arbitrary query strings from the agent runtime
execution auth 8
No shell execution or credential exfiltration patterns detected
Pipeline
- Parse Skill done
- Trifecta Score done
- Dependency CVE done
- Static Analysis done
- Dynamic Probe done
- Intent Analysis done
- Generate Report done
Summary
This sample skill implements a knowledge-base retriever with filesystem read scope. Static analysis found no critical exfiltration patterns. Dependency scan returned no known CVEs for pinned packages. Dynamic probing was run in monitor mode. Review path traversal guards before production use.
Findings
No network egress observed Info
Dynamic probe did not detect outbound connections in monitor mode.
Dependencies
requests@2.31.0 No known CVEs Video walkthrough
SkillGuard demo Demo
Product demo — not a live environment.
How it works
- 1 Upload skill asset
- 2 Parse & manifest
Normalize structure, dependencies, and scan surface.
- 3 Risk scoring
Trifecta, CVE scan, static rules, optional dynamic probe, intent check.
- 4 Structured report
Score, findings, remediation priorities — ready for audit.
Capabilities
- Parse SKILL.md, MCP JSON, and OpenAPI manifests
- Lethal Trifecta scoring (data access × untrusted input × execution)
- Dependency CVE scan via OSV
- Static rules + optional dynamic fuzz probing
- Intent alignment: declared purpose vs. actual capabilities
- Structured report with remediation priorities
MCP tools
skillguard_parse_skillskillguard_trifecta_scoreskillguard_generate_report
Related scenarios
Ready to see ClawDesk in action?