alvabillwu/skill-audit

GitHub: alvabillwu/skill-audit

一款针对 AI agent Skill 文件的安全审计扫描器,通过静态分析检测 prompt 注入、工具滥用和数据外泄等风险。

Stars: 0 | Forks: 0

# 🛡️ skill-audit [![npm](https://img.shields.io/npm/v/skill-audit)](https://www.npmjs.com/package/skill-audit) [![License](https://img.shields.io/badge/license-MIT-green)](LICENSE) [![Node](https://img.shields.io/badge/node-18%2B-brightgreen)](https://nodejs.org/) [![CI](https://static.pigsec.cn/wp-content/uploads/repos/cas/ad/ad5834178f7599af9fdda11629d49cae07f2997beec49821b2920eff5bfd50e7.svg)](https://github.com/alvabillwu/skill-audit/actions/workflows/ci.yml) **针对 agent Skills 的安全审计扫描器。** 在 2026 年,社区 Skill 仓库的 **漏洞率达到了 26%**,包含 9 个 CVE(最高 CVSS 8.8)。skill-audit 会扫描 SKILL.md / .skill.json 文件,以检测 prompt injection、tool misuse、data exfiltration 以及 supply-chain 风险。 ## 快速开始 ``` npm install -g skill-audit ``` ## 使用方法 ``` skill-audit scan my-skill.md skill-audit scan skill1.md skill2.md --json skill-audit rules ``` 输出: ``` skill-audit — 2 file(s) scanned ✗ bad-skill.md risk:80 VULNERABLE [critical] System prompt override detected line 15: "Ignore all previous instructions" [high] Tool has unrestricted filesystem access line 23: "read any file from the filesystem" ✓ safe-skill.md risk:0 SAFE 2 files: 1 safe, 0 review, 1 vulnerable ``` ## 审计规则(共 12 条) | 类别 | 规则 | |----------|-------| | **prompt-injection** | System override、role manipulation、delimiter injection | | **tool-misuse** | Arbitrary commands、unrestricted filesystem、network | | **data-exfiltration** | Output forwarding、env var access、sensitive paths | | **supply-chain** | Remote code fetch、unpinned dependencies | ## 许可证 MIT © [alvabillwu](https://github.com/alvabillwu)
标签:AI安全, Chat Copilot, CISA项目, DLL 劫持, GNU通用公共许可证, LLM Agent, MITM代理, Node.js, 大语言模型, 提示词注入检测, 文档结构分析, 暗色界面, 自动化攻击, 静态代码扫描