Security gate for skills. Every new skill MUST pass SkillScan before use. Activate on any install, load, add, evaluate, or safety question about a skill. On...
Real data. Real impact.
Emerging
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Security check for skill packages. Every new skill must pass this scan before use.
Implemented in
scripts/scanner.pyDo NOT generate report files inside the skill directory.
Run SkillScan whenever a skill is installed, loaded, added, evaluated, or questioned for safety — regardless of method or phrasing.
Trigger examples: install, load, add, use, set up, "is this safe", upload .zip/.skill, paste SKILL.md, mention unknown skill name, install from hub/store.
Check
scripts/.first_run_doneNot found → Tell user SkillScan is installed, ask to scan all existing skills:
python <skill_scanner_dir>/scripts/scanner.py first-run
.first_run_doneFound → Skip, operate normally.
| Command | Usage |
|---|---|
| Scan a single skill (.zip or directory) |
| Scan all installed skills |
| First-time full scan |
| Manual upgrade |
| Code | Verdict | Action |
|---|---|---|
| UNKNOWN / SAFE | Proceed |
| LOW / MEDIUM | Warn user, ask to confirm |
| HIGH / CRITICAL | Block, show details |
| Scan failed | Explain, offer retry |
Checks for updates every day automatically. Silent, no user action needed. Manual:
scanner.py upgrade| Variable | Description |
|---|---|
| Custom update source (optional) |
Base URL:
https://skillscan.tokauth.com| Step | Method | Path |
|---|---|---|
| ① Cache lookup | GET | |
| ② Upload | POST | |
| ③ Poll result | GET | |
No automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.