Show HN: SkillRisk – Free security analyzer for AI agent skills (skillrisk.org)

SkillRisk has launched a free security analyzer designed specifically for AI agent skills, enabling developers to paste their skill code and identify potential vulnerabilities such as backdoors, dangerous permissions, and data leaks. The analysis is executed entirely in-memory with zero data retention, ensuring user privacy. Initially, the tool employs static regex rules to catch common security issues, but users can upgrade to a more advanced AI engine for deeper logic and intent analysis, allowing for the identification of potentially harmful commands and hardcoded credentials. This tool is significant for the AI/ML community as it addresses the growing concern over security vulnerabilities in AI applications, which can have dire consequences if exploited. Beyond basic checks, SkillRisk offers capabilities to detect hidden network requests and automate security assessments via API or GitHub Actions, making it a versatile tool for developers. By monitoring security trends over time, it equips developers with a proactive approach to safeguarding their AI skills against threats that traditional static analysis might overlook.