← Browse all 10 skills-check commands
Security & Quality

audit

A security-focused scan that verifies every package, URL, and command in your skill files. Catches hallucinated dependencies, prompt injection patterns, dangerous shell commands, and broken links before they reach an agent.

Why it matters

Skills are executable instructions — an agent will npm install packages, run shell commands, and follow URLs exactly as written. A hallucinated package name could install malware via typosquatting. A prompt injection pattern could override agent safety boundaries. Audit catches these before they cause harm.

What it does

  • Extracts all npm/pip/cargo package references and verifies they exist on their registries
  • Cross-references against known hallucinated package databases (Aikido Security, Socket.dev research)
  • Scans for prompt injection patterns: instruction overrides, data exfiltration, obfuscation
  • Flags dangerous shell commands: destructive operations, pipe-to-shell installs, sensitive file access
  • Checks every URL for liveness via HEAD requests with SSRF protection
  • Validates frontmatter metadata completeness

Usage

npx skills-check audit [path] [options]

Options

FlagDescription
--format <type>Output: terminal, json, markdown, or sarif
--fail-on <severity>Exit 1 at threshold: critical, high, medium, low
--ciCI mode with strict exit codes
--quietSuppress non-finding output
--no-networkSkip network-dependent checks (registry, URLs)
--isolation <provider>Run in an isolated container (auto, docker, podman, apple-container, vercel-sandbox, etc.)
--no-isolationDisable isolation and run directly on the host

Examples

Audit everything

npx skills-check audit

Audit one file

npx skills-check audit ./skills/ai-sdk-core.md

SARIF for GitHub Security tab

npx skills-check audit --format sarif

CI gate at high severity

npx skills-check audit --fail-on high --ci

Audit in Docker

npx skills-check audit --isolation docker

When to use this

  • Before publishing a skill to the registry
  • When reviewing a contributed SKILL.md
  • In CI before merge

Related commands

  • policyScan for issues, then enforce rules
  • lintAudit content, then validate format

Common findings

  • Hallucinated npm package — referenced package doesn't exist
  • Prompt injection pattern — override instructions detected
  • Dead URL — linked resource returns 404
  • Missing metadata — required frontmatter fields absent

CI tip

Use --format sarif and upload to GitHub's code scanning to see findings inline on PRs. Combine with --fail-on high to block merges on critical issues.

See complete CLI reference in docs →