Show HN: AcidTest – Security scanner for AI agent skills (github.com)

AcidTest, a newly released security scanner for AI agent skills, aims to enhance the safety of the rapidly growing AgentSkills ecosystem, which now boasts over 66,000 skills. Recent audits have revealed alarming vulnerabilities: 26% of these skills contain at least one insecurity, with over 230 confirmed malicious skills identified within a single week. AcidTest v0.1.0 addresses these concerns by offering a straightforward scanning process with no need for API keys or complicated setups. Users can quickly assess the safety of their skills by running commands like `npx acidtest scan ./my-skill`. The significance of AcidTest lies in its comprehensive analysis capabilities that include a permission audit, prompt injection scan, and code behavior checks through TypeScript AST. The tool assigns a trust score based on severity, with critical issues leading to significant deductions. Among its findings are attempts at instruction overrides and undeclared network calls, signaling potential security threats like prompt injection and data exfiltration. By fostering a proactive approach to skill development and installation, AcidTest serves as an essential resource for developers, promoting a safer environment in the ever-expanding AI/ML landscape.