When should I use the scan-repo skill?

You should use it whenever you clone a new repository, install packages from untrusted sources, or audit code generated for AI agents before deployment.

How does the risk scoring system work?

Findings are scored from 0 to 50+, ranging from CLEAN (safe) to CRITICAL (blocked), providing a clear recommendation on whether to use or reject the code.

What types of threats does the Sigil scan-repo skill detect?

It identifies malicious install hooks, risky eval/exec calls, unauthorized network exfiltration, and exposed credentials within your code or dependencies.

Does it scan dependencies as well as source code?

Yes, it is designed to analyze full directories and repositories, making it effective for checking both your source code and its associated package dependencies.

Automated Security Auditing with Sigil

Name: Automated Security Auditing with Sigil
Author: NOMARJ

byNOMARJ

•

セキュリティとテスト

Scans repositories and directories for security threats and malicious patterns to ensure safe code execution and dependency management.

The scan-repo skill integrates the Sigil security auditing CLI directly into Claude's workflow, enabling automated scanning of repositories, directories, and third-party packages. It identifies dangerous patterns such as malicious install hooks, unauthorized network exfiltration, risky eval/exec calls, and exposed credentials. By providing a quantified risk score and actionable verdict, this skill helps developers maintain a 'quarantine-first' workflow, ensuring that untrusted AI agent code or cloned repositories are thoroughly vetted before use.

主な機能

01Identification of malicious patterns including network exfiltration and credential leaks

021 GitHub stars

03Support for auditing AI agent tooling and suspicious packages

04Actionable approval/rejection recommendations based on findings

05Quantified risk scoring system from Clean to Critical

06Automated threat detection for repositories and dependencies

ユースケース

01Securing AI agent environments by scanning retrieved or generated code

02Auditing cloned repositories from untrusted sources before execution

03Checking new dependencies and packages for malicious post-install hooks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nomarj/sigil scan-repo

For use in Claude.ai and ChatGPT

Download Skill