What SkillScan looks for
Shell command execution
eval, exec, child_process, curl | bash and remote execution patterns.
Network calls
fetch, requests, raw sockets — potential exfiltration channels.
Credential access
SSH keys, AWS credentials, .env files and sensitive variables.
Persistence
Changes to .bashrc, crontab, systemctl and startup files.
Code obfuscation
base64+eval, long encoded strings, hex payloads.
Dynamic install
pip/npm install at runtime pulling unaudited code.
How it works
1. ZIP / Link
Submit your skill for analysis
2. Static analysis + AI
What SkillScan looks for
3. Verdict
No suspicious patterns detected by static rules.
Static analysis + AI · No signup
Frequently asked questions
What is SkillScan?
Is my code stored on the server?
Does SkillScan execute the code?
What file types are accepted?
How does payment work?
Do false positives exist?