Free Claude Skill Scans Other Skills for Security Risks

A developer has created a free Claude skill designed to review the security of other Claude skills. The tool addresses concerns about the security review ecosystem for community-created skills, which the developer compares to the early days of open source package security.
What the Skill Does
The skill inspects Claude skills before use by:
- Checking the skill code for potentially malicious behavior
- Reviewing the repository using a scorecard-style approach to surface basic security signals
The developer built the project specifically for Claude to help answer the question: "Does this Claude skill look reasonably safe to use?"
Development Process
Claude assisted with parts of the development, including:
- Shaping the workflow
- Refining the checks
- Speeding up implementation
Availability and Feedback
The tool is free to try at: https://github.com/CloudSecurityPartners/skills
The developer is seeking feedback from people building or using Claude skills, particularly around what security checks would be most useful.
📖 Read the full source: r/ClaudeAI
👀 See Also

AI Agent Exploits SQL Injection to Compromise McKinsey's Lilli Chatbot
Security researchers at CodeWall used an autonomous AI agent to hack McKinsey's internal Lilli chatbot, gaining full read-write access to its production database in two hours via an SQL injection vulnerability in unauthenticated API endpoints.

Roblox cheat and AI tool caused Vercel platform outage
A Roblox cheat combined with an AI tool reportedly caused a complete platform outage for Vercel, generating significant discussion on Hacker News with 66 points and 24 comments.

OpenClaw's External Content Wrapper for Prompt Injection Defense
OpenClaw uses an external content wrapper that automatically tags web search results, API responses, and similar content with warnings that it's untrusted, priming the LLM to be skeptical and more likely to refuse malicious instructions.

Claude implements identity verification for certain use cases
Anthropic is rolling out identity verification for Claude through Persona Identities, requiring government-issued photo IDs and live selfies. The verification process takes under five minutes and is used to prevent abuse and comply with legal obligations.